Document Policies & Procedures
A policy is a system of guidelines, implemented as a procedure or protocol, to guide decisions and achieve rational outcomes throughout an organization. Policies are statements, rules or assertions that specify the correct or expected behavior of an entity. Procedures (also known as processes) are sets of interrelated or interacting activities or controls that use inputs to deliver an intended result.
* Explain rules and expectations in the workplace.
* Provide consistency and reliability to business operations.
* Enable efficient and effective operations.
* Ensure compliance with laws and regulations.
* Can be reviewed, monitored, and changed as needed.
Stetson helps tax and accounting professionals implement an IRS-required Written Information Security Plan (WISP) to protect client data, which must include specific elements tailored to the firm's size and complexity.
Stetson can assess current inventory of policies for existence, completeness, and accuracy in alignment with best practices or regulatory requirements and assist organizations in updating or initially documenting policies to meet all applicable regulatory requirements.
Policies reviewed and/or documented include, but are not limited to Cybersecurity, Information Security, Vendor Management, Disaster Recovery / Business Continuity, Incident Response, IT Asset Management (Hardware & Software), Data Management, Access Management, Change Management, and Vulnerability
Management.
Documented policies and procedures set the tone for governance throughout any organization to reliably achieve objectives, addresses uncertainty and acts with integrity. Governance is the combination of processes established and executed by the directors (or the board of directors) that are reflected in the organization's structure and how it is managed and led toward achieving goals. Governance includes the policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.