Getting You on the Correct Path with Cybersecurity Policies and Procedures

By now, I imagine you’ve been facing pressure from either an auditor, regulatory body, or even a customer saying that you need to have a ‘Cybersecurity Policy’ in place.  There is very little to counter that argument.

Square, meet Round Hole

There will always be common aspects of a security policy that are necessary to include, but every policy should be customized to your environment.  Here are some simple questions that you need to answer:

  • Is your business regulated (HIPAA, Dept. of Financial Services, FERPA, etc.)?
  • Who is your audience?
  • What kind of sensitive data do you deal with and what kind of format is it in (Paper, electronic, both)?
  • Do you have systems that need to be updated on a regular basis?

If you don’t know all the answers to the above questions, a Risk Assessment will draw all of this out for you and help you craft a custom policy to your business.  There are also occasions when you need to quickly put a policy or procedure in place, but keep in mind you should never implement a policy for the sake of checking a box.

If it is not measurable, it does not exist

The goal of security policies is to define the main security objectives and the security framework for an organization.  The existence of current and accurate policies along with a formal process for ensuring they are communicated, reviewed, and updated regularly is crucial to protecting sensitive and regulated information.

Below is a process for implementing policies:

  • How are policies and procedures monitored for effectiveness and how frequently?
  • How are policies and procedures measured in terms of the results they achieve?
  • How are policies and procedures disseminated to all faculty and staff?
  • How often are the policies and procedures revised and updated?
  • How will important and relevant content be included?

Finally, relax

Overwhelmed yet?  Don’t worry, we are here to help.  Innovative Solutions can help you determine what policies you should have in place, help you create them, and give you an implementation plan that makes sense for your business.  Call 585.292.5070 x278 and speak directly to our Chief Information Security Officers to start the conversation.


Cyber security: How to thwart 2017’s biggest threats

Each year, hackers and thieves find devious new ways to compromise your information technology. Innovative Solutions has been on the case for years, and we’ve helped dozens of clients guard against increasingly sophisticated cyber attacks. Often, a business knows they need to take decisive action, but they’re not sure where to start. So this year, we’ve organized our cyber security services into three main programs to sync up with your needs.

Program I
Cyber Security and Information Assurance Consulting

Services to assess your current state and deliver a detailed recommendation of any gaps we find. We hit every base, from staff training to disaster recovery.


Program II
Cyber Security Technical Assessment and Analysis

A series of a tests to see what happens when we attempt to break into your system. If you think you’re secure, you may be right. Or you may be surprised. Either way, with this offering, you’ll know. And you can take action.


Program III
Cyber Security Industry-specific programs

A series of services that tackle issues unique to different sectors, from banking to healthcare.

It can be rough out there—we can help you be fully prepared.

In a world where the threat is real, make sure your information is as secure as possible. These three cyber security programs will make it easier for you to get started on a path to peace of mind.

LEARN more about each program

 Contact us TODAY to get started  


  • This field is for validation purposes and should be left unchanged.