Governance Documentation
This is the security policy hub!
Dive into our repository to explore the policies and documentation that shape our resilient information security program.
Here, we transparently share our strategies for mitigating risks, safeguarding data, and shielding our operations from cyber threats. Navigate through our structured, secure digital environment, understanding how we foster a safeguarded digital space for our operations and data.
Leadership
Information Security Management System Manual
Information Security Roles, Responsibilities and Authorities
Executive Support Letter
Information Security Policy
Meeting Minutes
Planning
Information Security Objectives and Plan
Risk Assessment and Treatment Process
Risk Assessment Report
Risk Treatment Plan
ISMS Change Process
ISMS Change Log
Asset-Based Risk Assessment and Treatment Tool
Statement of Applicability
Scenario-Based Risk Assessment and Treatment Tool
Opportunity Assessment Tool
Support
Information Security Competence Development Procedure
Information Security Communication Programme
Procedure for the Control of Documented Information
ISMS Documentation Log
Information Security Competence Development Report
Awareness Training Presentation
Competence Development Questionnaire
EXAMPLE Competence Development Questionnaire
Operation
ISMS Process Interaction Overview
Performance evaluation
Process for Monitoring, Measurement, Analysis and Evaluation
Procedure for Internal Audits
Internal Audit Plan
Procedure for Management Reviews
Internal Audit Report
Internal Audit Programme
Internal Audit Action Plan
Management Review Meeting Agenda
Internal Audit Checklist
EXAMPLE Internal Audit Action Plan
Improvement
Procedure for the Management of Nonconformity
Nonconformity and Corrective Action Log
ISMS Regular Activity Schedule
EXAMPLE Nonconformity and Corrective Action Log
Organizational controls
Social Media Policy
HR Security Policy
Segregation of Duties Guidelines
Segregation of Duties Worksheet
Information Security Whistleblowing Policy
Authorities Contacts
Specialist Interest Group Contacts
Threat Intelligence Policy
Threat Intelligence Process
Threat Intelligence Report
Information Security Guidelines for Project Management
Asset Management Policy
Information Asset Inventory
Acceptable Use Policy
Internet Access Policy
Electronic Messaging Policy
Asset Handling Procedure
Procedure for Managing Lost or Stolen Devices
Online Collaboration Policy
New Starter Checklist
Information Classification Procedure
Information Labelling Procedure
Information Transfer Procedure
Information Transfer Agreement
Access Control Policy
User Access Management Process
Information Security Policy for Supplier Relationships
Supplier Information Security Agreement
Supplier Due Diligence Assessment Procedure
Supplier Due Diligence Assessment
Supplier Information Security Evaluation Process
Supplier Evaluation Covering Letter
Supplier Evaluation Questionnaire
Cloud Services Policy
Cloud Services Process
Cloud Service Specifications
Cloud Services Questionnaire
Incident Response Plan Ransomware
Incident Response Plan Denial of Service
Incident Response Plan Data Breach
Information Security Event Assessment Procedure
Information Security Incident Response Procedure
Incident Lessons Learned Report
Business Impact Analysis Process
Business Impact Analysis Report
ICT Continuity Incident Response Procedure
ICT Continuity Plan
ICT Continuity Exercising and Testing Schedule
ICT Continuity Test Plan
ICT Continuity Test Report
Business Impact Analysis Tool
Legal, Regulatory and Contractual Requirements Procedure
Legal, Regulatory and Contractual Requirements
IP and Copyright Compliance Policy
Records Retention and Protection Policy
Privacy and Personal Data Protection Policy
Personal Data Breach Notification Procedure
Personal Data Breach Notification Form
Breach Notification Letter to Data Subjects
Information Systems Audit Plan
Information Security Summary Card
Operating Procedure
Passwords Awareness Poster
People controls
Employee Screening Procedure
Employee Screening Checklist
Guidelines for Inclusion in Employment Contracts
Employee Disciplinary Process
Employee Termination and Change of Employment Checklist
Leavers Letter
Schedule of Confidentiality Agreements
Non-Disclosure Agreement
Remote Working Policy
Information Security Event Reporting Procedure
Email Awareness Poster
Physical controls
Physical Security Policy
Physical Security Design Standards
Data Centre Access Procedure
CCTV Policy
Procedure for Working in Secure Areas
Clear Desk and Clear Screen Policy
Procedure for Taking Assets Offsite
Procedure for the Management of Removable Media
Physical Media Transfer Procedure
Equipment Maintenance Schedule
Procedure for the Disposal of Media
Technological controls
Mobile Device Policy
BYOD Policy
Dynamic Access Control Policy
Capacity Plan
Anti-Malware Policy
Technical Vulnerability Management Policy
Technical Vulnerability Assessment Procedure
Configuration Management Policy
Configuration Management Process
Configuration Standard Template
Information Deletion Policy
Data Masking Policy
Data Masking Process
Data Leakage Prevention Policy
Backup Policy
Availability Management Policy
Logging and Monitoring Policy
Monitoring Policy
Privileged Utility Program Register
Software Policy
Network Security Policy
Network Services Agreement
Web Filtering Policy
Cryptographic Policy
Secure Development Policy
Requirements Specification
Principles for Engineering Secure Systems
Secure Coding Policy
Acceptance Testing Checklist
Secure Development Environment Guidelines
Change Management Process