Document Policies & Procedures

A policy is a system of guidelines, implemented as a procedure or protocol, to guide decisions and achieve rational outcomes throughout an organization. Policies are statements, rules or assertions that specify the correct or expected behavior of an entity. Procedures (also known as processes) are sets of interrelated or interacting activities or controls that use inputs to deliver an intended result.

‍

Stetson will assess the current inventory of policies for existence, completeness, and accuracy in alignment with best practices or regulatory requirements and assist organizations in updating or initially documenting policies to meet all applicable regulatory requirements. Policies reviewed and/or documented include, but are not limited to Cybersecurity, Information Security, Vendor Management, Disaster Recovery / Business Continuity, Incident Response, IT Asset Management (Hardware & Software), Data Management, Access Management, Change Management, and Vulnerability
Management.

‍

Documented policies and procedures set the tone for governance throughout any organization to reliably achieve objectives, addresses uncertainty and acts with integrity. Governance is the combination of processes established and executed by the directors (or the board of directors) that are reflected in the organization's structure and how it is managed and led toward achieving goals. Governance includes the policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.