About

A defined and documented information security policy is essential for the successful, structured, and sustainable implementation of information security in every organisation. It usually includes a company’s individual information security requirements and strategy.

How we can help

Pākiki can provide a consultant that can work with you on:

• Evaluating your current security policies and supporting security documentation.
• Identifying your security policies, and possible compliance requirements.
• Creating a security policy and, optionally, supporting policies and security documentation.
• Reviewing an existing security policy and supporting documentation.
• Updating or revise existing documents.

Methodology

The particular methodology will vary depending on the client’s needs, however broadly speaking the methodology is:

1. Information Gathering: Understanding your current situation and requirements regarding security policies.
2. Review Gaps: Understand where there are current gaps with regards to your security policies, and the supporting documentation.
3. Provide advice: Take the output of the above checks, and use our understanding of your business, and your possible compliance requirements, to provide practical, tailored advice on how to create a new suitable security policy or to revise an existing one, that meets your individual requirements.

A security policy can be created individually to your specific needs or based on and aligned with common security standards or frameworks (e.g. ACSC Essential 8, CIS, NIST, ISO 27001, etc).

Get in touch

We’d love to hear more about your organisation, and to discuss how we can help.