Organizational Security Policies

An InfoSec policy is a document that outlines specific procedures, requirements and "best-practices" that must be adhered to by employees within an organization in order minimize exposure to risk and ensure the appropriate protection of an organization’s information systems. In addition, a comprehensive written InfoSec policy is an important document that can be used to substantiate compliance with various regulatory requirements (e.g. GLBA 501b, PCI DSS, HIPAA, SOX, etc) for those organizations subject to them.

A comprehensive written Information Security (InfoSec) policy is the "blueprint" of good security for any organization and without one a large part of the safety and security of your organizations digital assets is simply being left to chance -- specifically those areas where information security intersects with user behavior and corporate culture.

Fortress IT has qualified and experienced Certified Information System Security Professionals (CISSP) with the knowledge and experience to help you develop a comprehensive InfoSec policy customized for your organization and specific business requirements.