All businesses need to document the boundaries and the way in which it wishes risks to be managed, both internally and by 3rd parties and suppliers. Our approach will allow the development of policies and processes that work within the organisations requireemnts while maintaining flexibility. Areas covered but not limited to: Joiners, Movers and Leavers, Data Retention, Data classification, IT user, Security Management policies, Data handling and Data distruction.
- If a process review had been carried out this process would continue on to follow the remediation plan.
- If no policies or processes were in existance or if the client wishes to start again we would need to understand what the aim of the policies and process' are. If Risks and business process' have been suitably mapped we would work with the client to develop a suitable approach
- If enough information is not available it would be recomended that a business review takes place first