Gold IT Security Policy Product
The Gold Security Product is our premium IT Security policy product and #1 bestseller. Comprehensive, easy-to-edit, and instantly generated using our Instant
Policy Creation Wizard, our Gold Product includes all of the IT policies your company will need.
Our customers choose the Gold Product because they:
- Need to meet specific compliance requirements or regulations
- Have advanced or comprehensive IT security or documentation needs
- Need a template they can put in place immediately
- Require the essential Network Security Policy* and Confidential Data Policy*
- Desire Word compatible documents they can edit as they wish
- Use the IT Security Forms* to assist them in policy implementation
*Available only with the Gold Security Product
We are confident that the Gold Security Product represents the highest value IT security policies available today. Companies ranging from 50,000 employees to as few
as five employees currently use our Gold Security Product data security policies, and are very satisfied! Our Gold Security Product is:
- A fully editable IT policy document
- Written according to the C-I-A triad of Confidentiality, Integrity, and Availability
- Customized to meet your corporate, compliance, or industry requirements
- Immediately available using our template-based Instant Creation Wizard
- Cost-efficient compared to the price of doing it yourself or hiring a consultant
- 100% Guaranteed - if you are not completely satisfied, receive a full refund
The Gold Product includes all of the policies in the Bronze and Silver Product, plus 9 more IT policies only available in the Gold Product. You will also receive
our policy forms to help you implement your customized security policy templates. This IT Policy Product gives you the following IT policies:
Acceptable Use Policy (AUP)
This large and far-reaching policy communicates to users how the network may be used. This policy covers such areas as personal use of email and the Internet, blogging, excessive use, peer-to-peer file sharing, personal storage media, user software installation, instant messaging, monitoring, copyright infringement, prohibited activities, and much more.
Covers minimum acceptable standards for network authentication, including password standards, use, and frequency of change. The policy also includes user guidelines
for creating secure and easy-to-remember passwords.
Presents the company’s backup strategy, including identification of critical systems and data, frequency of incremental and full backups, responsibilities of backup
administrator, storage of backups, offsite rotation, restoration procedures, and more.
Network Access and Authentication Policy
Covers the corporate standards for accessing the network, including such topics as account setup and use, authentication methods, minimum configurations, off-hours access, and more.
Incident Response Policy
Specifies exactly how the organization will respond in the event of a suspected security incident. This policy defines security incidents, both physical (such as the
loss of a laptop) and electronic. Includes preparation plans, response activities for different scenarios, and forensics/recovery based on your stated goals.
Remote Access Policy
States the company's position on accessing the corporate network remotely. Covers such topics as: permitted use of the network from remote sources, prohibited actions, use of VPN/encryption software, and accessing the network from non-company-provided computers.
Covers how the company connects to remote sites or business partners with site-to-site VPNs. Includes such topics as authentication, encryption, management, logging
Guest Access Policy
States the company's policy for allowing guests, such as contractors or visitors, to connect to the corporate network. The policy covers AUP acceptance, account use, security of guest machines, guest infrastructure requirements, and more.
Wireless Access Policy
States the company's position on use of wireless networking, including installation and configuration guidelines, access to confidential data, and inactivity.
Third Party Connection Policy
This policy covers company standards for connecting to third parties such as vendors, partners, customers, consultants. It includes topics such as the use and security of third party connections, access restrictions, and audits.
Network Security Policy
This in-depth policy is by nature the most technical, and covers such topics as: use of antivirus software, server patch management, default installations of systems, vulnerability management, logging, network segmentation, router/firewall/switch security, and more.
Specifies the company's encryption standards and how encryption is to be implemented. Includes applicability of encryption technology, key management, minimum strength of encryption, and legal use.
Confidential Data Policy
Identifies what the company considers confidential data and specifies how it should be handled. Covers such topics as access, encryption, transmission over the network, third-party access, and more.
Data Classification Policy
Sets guidelines for how the company deals with different types of data. Data is classified into five categories, with standards set for each on the storage, transmission, and destruction of the information.
Mobile Device Policy
Communicates the company's position on the use and security of mobile devices such as laptops, PDAs, smart phones and mobile storage media such as flash drives.
Covers the company's policy on storage, retention, and destruction of the different types of data (as classified by the Data Classification Policy).
Outlines the company's policy on using outside vendors, consultants, or managed service providers to handle certain functions of IT. Covers the decision to outsource, provider evaluation, and security controls associated with outsourcing.
Physical Security Policy
Sets standards for the physical side of securing IT assets, including security zones, access controls, physical data/system security, minimizing risk, entry security, and more. Please note that this policy only touches on physical security as it relates to information technology.
Sets the company's standards for appropriate, safe, and effective email use. Covers the company's email system in its entirety, including desktop and/or web-based email applications, server-side applications, email relays, associated hardware, and all electronic mail sent from the system.
User Acceptance Page
This is a signature page wherein the user accepts the user-oriented policies and agrees to the stated terms before being provided access.
In the Gold product these user-oriented policies include: AUP, Password Policy, Remote Access Policy, Data Classification Policy, Confidential Data
Policy, Mobile Device Policy, and Retention Policy. With the User Acceptance page your users agree to abide by their contents.
Standard Forms - Available only with the Gold Security Product!
These commonly-used forms will help create the required paper trail to ensure compliance with the applicable policies. The forms provided for you include:
- Security Incident Report
- Notice of Policy Noncompliance
- Account Setup Request
- Guest Network Access Request
- Request for Policy Exemption
- Visitor Log
As you can see, each of the Gold Product's twenty IT security policies is designed to work together cohesively to achieve a comprehensive and unified policy structure. The
Standard Forms are meant to make the process of putting the policies into place at your company even easier. It just makes sense. With our Gold Product, you will
be able to clearly communicate your company's position on critical IT security issues, increase compliance, decrease risk, and maintain a stronger, more professional
IT security presence.
"Your IT security policies saved dozens of hours of my time. Instead of days to create I was done in minutes. Awesome!"
Jim Rucker - CIO, Anchorage, AK
"Passed my audit with ease. I wish I had known about these security policies at my last company."
Randy Hogan - CFO, Wilmington, NC
"Your well-written policies helped me achieve Massachusetts 201 CMR 17.00 compliance. Thank you."
John Sams - Network Administrator, Boston, MA
"I immediately had the security policies I needed to help me with my PCI compliance. I didn't need to assemble them from a pile of statements - they were literally immediately available."
Julie Kent - VP of Information Technology, Tucson, AZ