Organizational Management

• Information Security Policy
• Background Checks

Network Security

• Endpoint Security
• Automated Alerting for Security Events
• Network Security Policy

Access Security

• Access Control and Termination Policy
• Encryption-at-Rest
• Encryption and Key Management Policy

Change Management

• Configuration and Asset Management Policy
• Segregation of Environments
• Change Management Policy

Availability

• Backup Restoration Testing
• Testing the Business Continuity and Disaster Recovery Plan
• Business Continuity and Disaster Recovery Policy

Confidentiality

• Data Retention and Disposal Policy
• Disposal of Customer Data
• Data Classification Policy

Physical Security

• Physical Security Policy

Vulnerability Management

• Vulnerability and Patch Management Policy

Incident Response

• Incident Response Plan
• Lessons Learned
• Tracking a Security Incident

Risk Assessment

• Risk Assessment and Treatment Policy
• Risk Assessment

Communications