Solution Overview
Governance, oversight, and regulatory compliance are key to the success of an organization. Setting expectations through policy, defined procedures, and underlying standards is critical to securing confidential information assets.

To identify and resolve the risks associated with the organization's information security program, it should be assessed for adequacy and effectiveness.

Focused primarily on the design of the organization's security controls, Halock will review the organization's documented information security policies, standards and procedures. Halock will conduct interviews with key organization resources where documentation is unavailable or otherwise deemed appropriate. The objective of the assessment is to ensure that the contents of the security program adequately address the requirements and intent of relevant compliance frameworks and/or standards, such as ISO 27002 or other suitable security frameworks applicable to the organization's requirements.

Each document will be reviewed in terms of overall content, consistency with other policies and standards, effectiveness of specific language or terminology used, intended audience, methods of communication to that audience, and methods of enforcement.

Halock will conduct interviews, as appropriate, with key individuals regarding security policies, procedures, and standards to collect required data for review. Halock can perform an in-depth analysis of the design and content of policies, procedures, and related standards, identifying applicability and compliance with security control objectives.

Solution At-a-Glance:
Fulfill regulatory and legal requirements to perform regular risk assessments of the design of information security controls
Identify gaps in policies, procedures, and standards that could result in regulatory issues
Determine if existing governance, risk management practices, and oversight of sensitive information handling adequately protect the organization from breach or incident
Receive recommendations for continual improvement of the security program
ISO 27002 is referenced as the default standard
1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com
Halock will interview key resources, typically including the following roles. Please indicate additional resources that will be interviewed as part of this process:
ISO 27002 is referenced as the default standard for controls. Please specify additional standards (such as CobiT, FFIEC guidelines, etc.) that should be incorporated into the scope of review: