BYOD Policy & Acknowledgement Template | ITSD109-1

BYOD Policy & Acknowledgement Template

All employees should receive a copy of ITSD109-1 COMPANY BYOD POLICY ACKNOWLEDGEMENT. Upon reviewing the document, each employee should sign and date their copy of the acknowledgement and return it to Human Resources. Employees should keep a copy of this document for themselves. The BYOD Policy & Acknowledgement Template covers BYOD and the company, BYOD guidelines, and employee acknowledgment.

At regular intervals (annually, at a minimum), the IT Manager should review the company’s BYOD policy to see if it continues to meet company and other requirements (legal/regulatory, etc.). If the BYOD policy does not adequately address company and other requirements, the IT Managers should convene the Policy Committee for the purpose of implementing revisions to the policy. Where the policy does not meet requirements, the Policy Committee should revise the policy as needed and communicate the revised policy to the IT Manager, who is responsible for its implementation and distribution.

BYOD Policy & Acknowledgement Template Details

Pages: 02
Words: 694
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT BYOD Policy Procedure ITSD109
Type: Guide

 

IT Access Control Log Template | ITSD106-3

IT Access Control Log Template

Instances of access and use of any Information Technology resource should be automatically logged in the IT Access Control Log Template. ITSD106-3 ACCESS CONTROL LOG should be retained in accordance with legal and regulatory requirements. Access to applications should be limited to authorized users and to normal business hours, with reasonable exceptions.

Access control is defined as the enforcement of specified authorization rules based on positive identification of users and the systems or data they are permitted to access (or, providing access to authorized users while denying access to unauthorized users). The Information Technology Security Manager should periodically (once a week is recommended) review the Access Control Log and present a status report to Information Technology Managers.

IT Access Control Log Template Details

Pages: 01
Words: 24
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Access Control Procedure ITSD106
Type: Log

Related Documents

IT Access Control Plan Template | ITSD106-1

IT Access Control Plan Template

The Information Technology Security Manager should determine the company’s current state of access control, to develop a baseline for the IT Access Control Plan Template. After it is developed, ITSD106-1 IT ACCESS CONTROL PLAN should be submitted to Information Technology Managers for review and possible revision. The IT Access Control Plan Template should contain the following, at a minimum:

  • Business requirements for access regulation;
  • Rules for managing user access;
  • User responsibility guidelines;
  • Access control and operating systems;
  • Access control and applications; and
  • Monitoring user access.

The Information Technology Security Manager should monitor the IT Access Control Plan (are systems, databases, etc., being used appropriately by the right people) by reviewing access logs, security logs, etc., on a periodic basis (once a week is recommended). Findings of such reviews should be reported to the Security Review Committee for its review and possible action.

IT Access Control Plan Template Details

Pages: 03
Words: 847
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Access Control Procedure ITSD106
Type: Form

Related Documents

IT BYOD Policy Procedure | ITSD109

IT BYOD Policy Procedure

The IT BYOD Policy Procedure helps communicate specific standards and guidelines regarding the use of personal devices to conduct company business. Company employees and contractors may use their personal electronic devices (e.g., smartphones, tablets) for conducting company business, provided that they understand and agree with the “Bring Your Own Device” (BYOD) policy, have been granted express permission, and act in accordance with the policy.

Company employees and contractors may use their personal electronic devices (e.g., smartphones, tablets) for conducting company business, provided that they understand and agree with the “Bring Your Own Device” (BYOD) policy, have been granted express permission, and act in accordance with the policy. (8 pages, 1797 words)

IT BYOD Responsibilities:

All Employees are responsible for being aware of, understanding, and adhering to the company’s BYOD policy.

Department Managers are responsible for communicating BYOD policy updates to the employees in their respective departments.

The Human Resources Manager is responsible for communicating the BYOD policy to new employees and retaining employee policy acknowledgements.

The Information Security Manager monitors BYOD usage and enforces the BYOD policy

The Information Technology Manager (IT Manager) is responsible for developing BYOD policy and for reviewing the policy and any changes to it with the Policy Committee. The IT Manager also oversees monitoring and enforcement of the BYOD policy.

IT BYOD Definitions:

BYOD – Bring Your Own Device, or using one’s personal mobile phone, PC, tablet, or other personal electronic device to conduct the company’s business.

Policy Committee – A group comprised of Top Management and the IT Manager. The purpose of the Policy Committee is to develop, review, approve, and revise the company’s BYOD policy, as needed.

Top Management – A group comprised of the company’s chief executive and chief financial officer, at a minimum. In larger companies, top management may include department/functional managers (e.g., VP-Sales, CTO).

IT BYOD Policy Procedure Activities

  • BYOD Policy Development
  • BYOD Policy Implementation
  • BYOD Policy Review
  • BYOD Policy Changes

IT BYOD Policy Procedure Forms

 

IT Disaster Recovery Plan Template | ITSD104-1

IT Disaster Recovery Plan Template

To be prepared for disaster – to best ensure the continuity of business, should a disaster occur – the company should develop an IT Disaster Recovery Plan Template. The company should implement ITSD104-1 IT DISASTER RECOVERY PLAN, educating employees in their roles and responsibilities; test the Plan, to see if it will ensure rapid and full recovery; and fix flaws identified in testing, to better ensure the Plan will work when it is most needed.

The company should establish an Information Technology Disaster Recovery Planning Committee (Information Technology DRPC), composed of key personnel from each functional area within the company (HR, accounting, sales, etc.) and an Information Technology Disaster Recovery Coordinator, who should chair the Committee. The Information Technology DRPC should meet to:

  • Analyze and discuss the information obtained by the Information Technology Disaster Recovery Coordinator;
  • Identify mission-critical systems and services, determining how long each business unit can survive without those systems/services in operation (conduct a business impact analysis);
  • Establish recovery priorities.

The Information Technology Security Manager should test Information Technology disaster response and recovery at least once every 12 months. The Information Technology Security Manager should also test response and recovery upon any changes to the IT Disaster Recovery Plan. The Information Technology Disaster Recovery Plan should be periodically (at least once every three years) subjected to a third-party audit, to verify that the Plan is clear, sound, and continues to meet company, customer, and legal/regulatory requirements.

IT Disaster Recovery Plan Template Details

Pages: 37
Words: 2556
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Disaster Recovery Procedure ITSD104
Type: Form

 

IT Incident Report Template | ITSD108-1

IT Incident Report Template

Any employee who has evidence of an Information Technology security incident occurring or suspects such an incident may have occurred should notify the Information Technology Help Desk. The Help Desk contact should open an IT Incident Report Template and submit it to the Information Technology Manager to begin the investigation.

The Information Technology Manager should evaluate the information contained on ITSD108-1 IT INCIDENT REPORT, determine the potential for loss and the risk to the company, and assign the incident to the Incident Response Handling Team. The Incident Response Handling Team should survey the incident scene, determine what information will be needed to evaluate the incident (logs, audit trails, etc.), and preserve and document evidence.

The Information Technology Manager should review all Incident Reports to ensure incidents are handled in a timely manner, users are satisfied with the results, and that the company assets are protected from harm. Lessons learned, recommendations, and deficiencies should be presented to the Security Review Committee for discussion.

IT Incident Report Template Details

Pages: 04
Words: 247
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Security Incident Handling Procedure ITSD108
Type: Report

IT Information Storage Plan Template | ITSD103-1

IT Information Storage Plan Template

Information Technology Managers should oversee development and implementation of an IT Information Storage Plan Template that ensures data availability, confidentiality, and integrity. ITSD103-1 INFORMATION STORAGE PLAN should also:

  • Enable rapid and full recovery from natural or manmade disasters;
  • Ensure company compliance with industry standards and/or legal & regulatory requirements for data storage; and
  • Allow efficient, cost-effective data management.

Information Technology Managers should design the IT Information Storage Plan Template, with the assistance of the Information Technology Storage Librarian. Information Technology Managers should submit the Information Storage Plan to Top Management for its review and approval. Upon approval of the Plan, Information Technology Managers should communicate the Plan to the Information Technology Storage Librarian and should arrange for training, as needed.

Information Technology Managers should periodically (annually, at a minimum) meet with the Information Technology Storage Librarian to review the Information Storage Plan and determine its continuing suitability and conformity to company requirements and to ensure that data are retrievable and not in danger of loss due to technology changes.

IT Information Storage Plan Template Details

Pages: 01
Words: 98
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Media Storage Procedure ITSD103
Type: Form

IT Nonconformity Report Template | ITSD107-2

IT Nonconformity Report Template

Nonconformities and supporting evidence should be recorded on the IT Nonconformity Report Template and reviewed with the Information Technology Security Manager, to obtain acknowledgement of evidential accuracy and ensure that nonconformities are understood. ITSD107-2 IT NONCONFORMITY REPORT should be complete with the date, auditor, area/system, description of nonconformity, and supporting evidence.

The Information Technology Security Manager should meet with Information Technology Managers to review the IT Nonconformity Report Template (if one has been generated) and plan to take corrective actions, if required. If it has been decided to take corrective action, the Information Technology Security Manager should submit a corrective action plan, including objectives, actions, and deadlines, to the audit team leader.

IT Nonconformity Report Template Details

Pages: 01
Words: 14
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Security Audits Procedure ITSD107
Type: Report

Related Documents

IT Security Assessment Checklist Template | ITSD102-1

IT Security Assessment Checklist Template

The Information Technology Security Manager should conduct a security assessment of the company’s Information Technology network, using the IT Security Assessment Checklist Template as a guide. ITSD102-1 IT SECURITY ASSESSMENT CHECKLIST covers hardware risk, software risk, environmental risk, network failure, and more.

A Security Review Committee, consisting of Information Technology Managers, the Information Technology Security Manager, and management from the various company departments (Human Resources, Accounting, Production, Sales, etc.), should be established. The Information Technology Security Manager should evaluate findings and discuss recommendations to correct deficiencies and/or improve security with the Security Review Committee.

IT Security Assessment Checklist Template Details

Pages: 10
Words: 1861
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Security Plan Procedure ITSD102
Type: Checklist

Related Documents

 

IT Security Audit Plan Template | ITSD107-3

IT Security Audit Plan Template

The audit team leader should prepare for onsite audit activity by preparing the IT Security Audit Plan Template and assigning tasks to members of the audit team. ITSD107-3 IT SECURITY AUDIT PLAN should cover audit objectives, audit criteria, audit scope, estimated duration, and more. Audit team members should prepare work documents, such as audit checklists, sampling plans, and forms for recording information (minutes of meetings, supporting evidence, audit findings, etc.).

The audit team should conduct the onsite audit, which should consist of:

  • The audit team leader conducting an opening meeting with Information Technology Managers and the Information Technology Security Manager to confirm the audit plan (including roles and responsibilities of all parties), explain how audit activities will occur, confirm lines of communication during the audit, and provide the Auditee with an opportunity for feedback.
  • Communication during the audit.

The audit team leader should conduct a closing meeting in order to formally present the audit team’s findings and conclusions, to verify the understanding and obtain the acknowledgement of the Information Technology Security Manager, and if nonconformities are found, to agree on a timeframe for the Information Technology Security Manager to present a corrective and preventive action plan.

IT Security Audit Plan Template Details

Pages: 01
Words: 60
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Security Audits Procedure ITSD107
Type: Form

Related Documents

IT Security Audit Report Template | ITSD107-1

IT Security Audit Report Template

The IT Security Audit Report Template should provide a complete, accurate, clear, and concise record of the audit. ITSD107-1 IT SECURITY AUDIT REPORT should be prepared, approved, and distributed by the audit team. It should include or refer to the following:

  1. Audit objectives and scope;
  2. Where and when the audit was conducted;
  3. Who took part in the audit;
  4. The audit criteria; and
  5. Audit findings and conclusions.

The Information Technology Security Manager should meet with Information Technology Managers to review the IT Security Audit Report Template and plan to take corrective actions, if required. If it has been decided to take corrective action, the Information Technology Security Manager should submit a corrective action plan, including objectives, actions, and deadlines, to the audit team leader. If it has been decided not to take corrective action, the Information Technology Security Manager should inform the audit team leader of this decision, with explanation.

IT Security Audit Report Template Details

Pages: 01
Words: 55
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Security Audits Procedure ITSD107
Type: Report

Related Documents

IT Security Implementation Plan Template | ITSD102-3

IT Security Implementation Plan Template

The Information Technology Security Manager should ensure that the plan is comprehensive and complete and should present the Plan and the IT Security Implementation Plan Template to the Security Review Committee for its approval. ITSD102-3 IT SECURITY PLAN IMPLEMENTATION SCHEDULE lists tasks to be completed (with lines for the completion date) and should be approved by the IT Security Manager, IT Management, and the Security Review Committee.

All Information Technology systems should be identified according to a standard format. Systems identification should include, but not necessarily be limited to, the following:

  • System name and ID;
  • Responsible organization(s);
  • Contact information;
  • Operational status;
  • Description & purpose;
  • Interconnections and information sharing;
  • Applicable regulations; and
  • Information sensitivity.

After any review of the Information Technology Security Plan, the Information Technology Security Manager should be responsible for implementing required updates.

IT Security Implementation Plan Template Details

Pages: 01
Words: 122
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Security Plan Procedure ITSD102
Type: Form

Related Documents

IT Security Plan Template | ITSD102-2

IT Security Plan Template

The Information Technology Security Manager should develop the IT Security Plan with assistance from Information Technology Managers, using ITSD102-2 IT SECURITY PLAN as a guide. The IT Security Plan Template should cover assignment of security responsibility, system operational status, general description/purpose, and more.

The Information Technology Security Manager should communicate the Information Technology Security Plan to all affected persons, distributing the plan to all managers and supervisors, requiring managers and supervisors to communicate the Plan to their staff, and resolving any questions related to the Plan. Information Technology Managers should coordinate employee security training with Human Resources Management. The Information Technology Security Manager should routinely monitor and periodically report (once a quarter, depending on the size of the company and its Information Technology network) to Information Technology Managers on the status of the Information Technology Security Plan.

IT Security Plan Template Details

Pages: 10
Words: 2653
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Security Plan Procedure ITSD102
Type: Form

Related Documents

IT Security Policies / Acceptable Use Policies

Information Security Policy and Procedures Manual

Develop your Information Security Policy and Procedures Manual easily using editable Word templates. This set of downloadable Computer Information Security policy templates is also included in the IT Policies and Procedures Manual. It includes prewritten MS-WORD procedures with forms templates for any information Security department. DOWNLOAD yours now.

Easy Information Security Policy Templates

IT Security Policies

The company should promote information security, and confidence in its ability to not only continuously provide goods and/or services, but also to recover quickly from IT disasters with minimal computer disruptions. The included Information Security Policies help to provide a safe, secure IT environment to serve the company’s customers’ requirements and ensure stability and continuity of the business IT Assets.

This Information Security Policy Manual was developed to assist organizations in preparing a Standard Operating Procedures (SOP) Manual for any industry or business size. It can be custom tailored to fit one’s individual company Information Technology security policy concerns and operations.

Information Security Process

The Information Security Policy Manual outlines the information security process and comes with an acceptable use policy example, computer usage policy for employees, BYOD policy, IT security planning, IT risk assessment and IT security auditing procedures.

Download Your Information Security Policies and Procedures Manual Now!

Improve all aspects of your Information Security policy & procedures, including IT threat-risk assessment, information security planning, incident handling, and more. Save time using prewritten Word IT Security Policy Templates.

Your DOWNLOAD Includes 10 Information Security Policies and Procedures:

15 Information Security Forms:

6 Example IT Job Descriptions:

As well as a “How To” information security policy Manual Preparation Guide that provides an introduction to producing your information security policy manual!

Order Your Information Security Policies and Procedures

The IT Security Policies and Procedures Manual comes with easy-to-edit Microsoft Word document template files, available as a convenient downloadable file. Take advantage of this special package and start saving yourself the time and money to develop this IT Security Policy Template material. Download yours now!

IT Threat-Risk Assessment Report Template | ITSD101-1

IT Threat-Risk Assessment Report Template

The Information Technology Security Manager should create an IT Threat-Risk Assessment Report Template, summarizing assessment findings. ITSD101-1 IT THREAT/RISK ASSESSMENT REPORT should contain the following information, at a minimum:

  • Systems reviewed;
  • Number of threats found this period and last; and
  • A summary of identified threats.

The Information Technology Security Manager should submit the IT Threat-Risk Assessment Report Template to Information Technology Managers and the affected systems’ management for their review. Information Technology Managers and management of the affected systems should determine if preventive actions are required.

The Information Technology Security Manager should periodically review the risk assessment process to ensure its continued timeliness and applicability. Historical data from ITSD101-1 IT THREAT/RISK ASSESSMENT REPORT (i.e., number, nature, and severity of threats over time) should help determine if risks are under control.

IT Threat-Risk Assessment Report Template Details

Pages: 01
Words: 32
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Threat-Risk Assessment Procedure ITSD101
Type: Report

 

IT User Access Control Database Log Template | ITSD106-2

IT User Access Control Database Log Template

The IT User Access Control Database Log Template keeps track of user ID, department, password, access privilege, and more. Users should have direct access only to services and information that they have been specifically authorized to use. Unless expressly authorized, access to all resources and services is denied. The Information Technology Security Manager should maintain ITSD106-2 IT USER ACCESS CONTROL DATABASE for that purpose.

Users must secure their equipment if it is to be unattended for any length of time. Screen locks should automatically activate after 15 minutes of inactivity (users may set screen locks to activate sooner and they should be allowed to activate screen locks immediately, if desired). All communications to external (i.e., Internet-based) resources by way of the company Information Technology network should be restricted to authorized users. Users should apply for permission to access external resources and access should be authorized on a case-by-case basis.

IT User Access Control Database Log Template Details

Pages: 01
Words: 28
Format: Microsoft Word 2013 (.docx)
Language: English
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Access Control Procedure ITSD106
Type: Log

Related Documents