.
What is it about?
Having policies and procedures is a fundamental step for effective corporate governance, whether extended to the entire organisation or limited to certain critical areas.
The service that CryptoNet Labs offers its customers deals with the document system related to particular issues of ICT security, both for corporate governance needs and when the presence of policies and procedures is expressly required by compliance requirements (ISO 27001 security manual, policies and procedures according to the PCI DSS standard or GDPR).
For policies and procedures to be useful and effective, they must be drafted in a reasoned manner, analysing the processes in which they must be used to ensure full compliance between what is described and what has been carried out
The intervention involves the analysis and understanding of the organisational and technological context in which the policies/procedures will be inserted, and the revision and formalisation of established practices.
It is therefore essential to have an ongoing dialogue with the customer in order to gather the information necessary for the drafting and register feedback on what has been prepared.
If necessary, the drafting of policies and procedures can be completed with the preparation of RACI schemes and all the necessary forms to collect evidence.
The activity can also be a long-term support to the customer, used to adapt the document system to new needs, such as those arising from reorganisations, acquisitions or infrastructural changes.
Who can benefit from it
Companies that want to formalise consolidated procedures or that want to set the rules for a safe management of new issues with the help of consultants specialised in different areas of ICT security, and quickly.