Policies and Procedures Companies Should Have on File

Acceptable Use Policy

Rules for the acceptable use of information and assets associated with information processing facilities.

Also covers the internet access policy and BYOD policies.

Antivirus Policy

Detection, prevention and recovery controls to protect against viruses.

Information Classification and Data Policy

Information classification in terms of its value, legal requirements, sensitivity and criticality to the organization.

Also covers the Disposal of Information Policy and the Data Classification Guidelines/Procedure (procedures for information labelling and handling), as well as destruction of data on removable media. CPS 234 guidelines are also covered as part of this.

Clear Desk and Clear Screen Policy

A clear desk policy for papers and removable storage media and a clear screen policy for information processing facilities.

Email Policy

Appropriate protection of information involved in electronic messaging.

IT Mobile Computing Policy

a. The process that mobile computers must meet to leave the company network.
b. How mobile computers and devices will be protected while outside the organizational network.
c. The process that mobile computers must meet to enter the company network when being brought into a building owned by the organization.

Password Policy

Guidelines for managing passwords.

Physical Security Policy

Physical security for offices, rooms, and facilities by appropriate entry controls. Physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disasters.

Risk Assessment and Handling Policy

Overall process of risk analysis and risk evaluation. Operating controls to manage an organization's information security risks in the context of the organization's overall business risks.

Change Management Policy

Policy to manage changes to the organisation, business processes, information processing facilities and systems that affect information security.

Remote Access Policy

Policy for teleworking activities, VPN and remote access to organisation resources.

Also covers the VPN policy.

Security Incident Management Policy

Policy to raise, handle and resolve information security incidents.

Wireless Communication Policy

Specifies the conditions that wireless infrastructure devices must satisfy to connect to the wireless infrastructure of the organisation. Only devices that meet the standards specified in this policy are allowed to connect to the corporate Wi-Fi infrastructure.

Patch Management Procedure

Provides the guidelines for the use and deployment of the Patch Management Solution within the organisation.

Vulnerability Management Policy

Information about technical vulnerabilities of information systems being used shall be obtained, the organization's exposure to such vulnerabilities evaluated, and appropriate measures taken to address the associated risk.

Business Continuity Planning Procedure

This is a detailed plan developed to enable continuity of operations of the organisation in the event of a disaster. The provisions of this plan will be used as the basis for guiding recovery activities and disaster recovery (DR) aimed at operating core business functions at a pre-determined minimum acceptable level of service.

Application Development and Code Review Procedure

Set of security guidelines to be followed at the time of software development and to establish a code review mechanism.

Audit Log and Monitoring Policy

Deals with handling and storing system-critical logs and their ongoing monitoring.

Access Control Policy

The policy specifies how to manage access control to the organisation's critical assets and provide appropriate access controls to protect information processed or stored in computer systems, in order to prevent unauthorized access to data or system resources.

Key Management and Data Encryption Policy

Use of cryptographic controls for protection of information. Key management process to support the organization's use of cryptographic techniques.

Information Security Policy

This policy document provides the framework to develop and disseminate an information security policy in order to achieve the organisation's security objectives. This policy document is the master document, which is supported by other documents governing Information Security Management System compliance within the organisation.

Third Party Provider Policy

This policy outlines the requirements for engaging, monitoring and working with vendors, External Service Providers (ESPs), service provider partners and contractors.

Mandatory Data Breach Notification Policy

This policy sets out procedures for managing a data breach, including the considerations around notifying persons whose privacy may be affected by the breach.