The Gold Security Package is the top of the line. It includes all the policies that most any company would reasonably need, so it is best for companies with advanced IT Security or documentation needs.
Many choose the Gold Package over the Silver Package for the Network Security Policy and the Confidential Data Policy. A benefit that is distinct to the Gold Package is the inclusion of IT Security forms that will assist with policy implementation. The package includes:
All policies in the Silver Package
Acceptable Use PolicyPassword Policy
Backup Policy
Network Access and Authentication Policy
Incident Response Policy
Remote Access Policy
VPN Policy
Guest Access Policy
Wireless Access Policy
Third Party Connection Policy
Network Security Policy
This in-depth policy is by nature the most technical, and covers such topics as: use of antivirus software, server patch management, default installations of systems, vulnerability management, logging, network segmentation, router/firewall/switch security, and more.
Encryption Policy
Specifies the company's encryption standards and how encryption is to be implemented. Includes applicability of encryption technology, key management, minimum strength of encryption, and legal use.
Confidential Data Policy
Identifies what the company considers confidential data and specifies how it should be handled. Covers such topics as access, encryption, transmission over the network, third-party access, and more.
Data Classification Policy
Sets guidelines for how the company deals with different types of data. Data is classified into five categories, with standards set for each on the storage, transmission, and destruction of the information.
Mobile Device Policy
Communicates the company's position on the use and security of mobile devices such as laptops, PDAs, smart phones and mobile storage media such as flash drives.
Retention Policy
Covers the company's policy on storage, retention, and destruction of the different types of data (as classified by the Data Classification Policy).
Outsourcing Policy
Outlines the company's policy on using outside vendors, consultants, or managed service providers to handle certain functions of IT. Covers the decision to outsource, provider evaluation, and security controls associated with outsourcing.
Physical Security Policy
Sets standards for the physical side of securing IT assets, including security zones, access controls, physical data/system security, minimizing risk, entry security, and more. Please note that this policy only touches on physical security as it relates to information technology.
Email Policy
Sets the company's standards for appropriate, safe, and effective email use. Covers the company's email system in its entirety, including desktop and/or web-based email applications, server-side applications, email relays, associated hardware, and all electronic mail sent from the system.
User Acceptance Page
A signature page wherein the user accepts the user-oriented policies (in the Gold Package these are the AUP, Password Policy, Remote Access Policy, Data Classification Policy, Confidential Data Policy, Mobile Device Policy, and Retention Policy) and agrees to abide by their contents.Standard Forms
These commonly-used forms will help create a paper trail to ensure compliance with the applicable polices. Forms provided are:- Security Incident Report
- Notice of Policy Noncompliance
- Account Setup Request
- Guest Network Access Request
- Request for Policy Exemption
- Visitor Log
$599
