Policies & Process Development

Implement effective security policies and processes

Many companies have formulated security policies and acquired the latest security products that offer comprehensive protection, but they lack the processes to support these resources. Foundstone security consultants build processes to bridge the gap between security policies and technologies at your organization.

Foundstone Professional Services Policies and Process Development helps you create and implement effective security processes so your company can maintain a solid security posture. We ensure smooth transitions during staff turnover, decrease the risk of disrupting established security processes, and help you maintain appropriate security levels during network redesigns.

Foundstone has spent years assessing and testing security, and recognizes the need for building processes to effectively minimize your vulnerabilities.

Key Benefits

Policy development benefits include:

  • A gap analysis of your existing security policies
  • Assurance that you comply with regulatory requirements (if applicable)
  • Assistance implementing best practices based on industry standards such as ISO 27001 / 27002

Creating security policies is the first step in building a strategic security program. A key component of making your strategy work is defining enterprise-wide security policies, which dictate how you design and develop the operational and technical controls in your organization.

Foundstone security policy development helps organizations create and implement strategic security programs. We customize policies to meet your security objectives and regulatory requirements, and establish appropriate risk management practices to deliver a favorable return on investment.


Foundstone performs an analysis to review your current processes and identify gaps. This is how Foundstone approaches process creation:

  • Create the following processes that are considered critical for all security programs:
    • Change management
    • Patch management
    • Security monitoring
    • Server hardening
    • Desktop and laptop hardening
    • Compliance and enforcement (if applicable)
    • Data classification
    • Remote access
    • Risk analysis and assessment
    • Backup and restore
    • Personnel security
    • Data handling, marking, and retention
    • Policy, standards, process creation, approval, and maintenance
  • Create any customized processes you specify

Vulnerability management and incident response are handled by separate service lines, but may be added to this scope if desired.

Foundstone consultants help you create enterprise-wide security policies using our security project engagement methodology:

  • We review your organization’s business, information technology, and security strategies, and match them with your security policy requirements.
  • We evaluate existing policies against current best practices.
  • We review and identify roles and responsibilities for staff members involved with policy definition and enforcement.
  • We interview key personnel within your organization.
  • We document and review policies with you.