If there is one positive result of forcing a total quarantine shut down of businesses world-wide, it is that organizations can understand and verify the power and functionality of a digital transformation.
Organizations can now explore new and untapped opportunities they had not previously considered possible; however, it is crucial that businesses assess, monitor, and reinforce the security controls, policies, and procedures that have been adapted to cover fully or partially decentralized work environments with remote users.
Your company may find it beneficial to take a page from businesses that have implemented Governance, Risk, and Compliance initiatives already. There are some common policies and procedures that are shared amongst these organizations, regardless of the vertical market they live in.
Here are the most common policies and procedures your company can create to be more secure in this new remote work environment.
| Policy | Description |
| --- | --- |
| Access Control Policy | Limiting access to confidential information by granting access only to specific employees and staff. |
| Administrator Rights Policy | How clients are expected to handle administrative permissions on company devices in order to stay NIST CSF compliant. |
| Audit Log Policy | Logs contain events that occur within the client's systems and networks and that can be audited. |
| Contingency Planning - Bring Your Own Device (BYOD) | This policy outlines the safeguards that protect PII and other sensitive information when employee personal devices are used. |
| Disaster Recovery Plan | After a major disruption, a Disaster Recovery Plan is put into play to facilitate a swift return to normal operations. |
| Device Media - Media Sanitation Policy | Removing information from media that could be disclosed to unauthorized individuals when such media is reused. |
| Incident Response | A cybersecurity incident response policy that outlines the procedure to follow when the client organization detects unauthorized access to, or disclosure of, private information from systems utilized, housed, maintained, or serviced by the client organization. |
| Network Security Policy | Safeguards for each server, desktop computer, and wireless computer system to ensure that appropriate security is maintained and that access is restricted to authorized employees only. |
| Person or Entity Authentication | Rules that ensure users create strong passwords and that prevent those passwords from being guessed or cracked. |
| Physical Environment for Critical Information Policy | The physical areas that house server rooms, data centers, and mainframe computers are organized and well maintained. |
| Public Relations Policy | The purpose of this policy is to work cooperatively with Contigo and the media, when necessary, to disseminate information of public interest and concern in an accurate, complete, and timely manner. |
| Sanction Policy | It is the policy of the client to establish and implement appropriate, fair, and consistent sanctions for employees who fail to follow established policies and procedures, or who commit various offenses. |
| Termination Policy | This policy outlines the steps to be taken when revoking physical and system access from a former employee. |
| Third-Party Vendor Agreement | Establish a policy governing security requirements for all third-party vendors and business associates in accordance with NIST CSF. |
| Computer Use Policy | Ensuring employees understand which functions should and should not be performed on company workstations in order to protect PII. |
| Written Information Security Policy (WISP) | Create effective administrative, technical, and physical safeguards for the protection of personally identifiable information. |