Policy & Process Check

Establish enforceable security policies

Next Steps:


Strong policies and processes are the foundation of a successful information security program. Establishing and maintaining well-defined, comprehensive information security policies that support business goals and objectives is essential to all security programs. To be effective, information security policies and directives need to be supported by manageable enforcement processes.

Foundstone Professional Services offers the Policy & Process Check to quickly determine the status of current policies and procedures and help your organization develop enterprise-wide information security programs.

Key Benefits

  • Evaluate current programs
    Quickly determine the status of current policies and procedures.
  • Develop company-wide programs
    Foundstone builds enterprise-wide information security programs that meet both organizational objectives and regulatory requirements.
  • Enjoy a favorable return on investment
    Instituting appropriate risk management practices can positively impact the company’s bottom line.


Foundstone reviews and assesses the status of the following polices and their associated procedures:

  • Data access
  • Application access
  • Software
  • Privacy
  • Information ownership and data classification
  • Business resumption planning
  • Incident handling
  • Remote access
  • Systems design and development
  • Risk analysis and assessment
  • Training and awareness
  • Backup and restore
  • Change management
  • Personnel security
  • Environmental security
  • Data handling, marking, and retention
  • Documentation and data classification
  • Policy, standards, process creation, approval, and maintenance