
Policy & Standards

As information security issues grow in complexity, they demand new and innovative thinking to develop intelligent and creative policy that enables your business. This requires bringing the wider organisation and policy stakeholders into dialogue to consider new approaches and creative solutions, which may push the traditional boundaries of decision making and security policy implementation.

The CISO365 approach to policy and standards development is to be -


  • Inclusive - take account of the impact on, and meet the needs of, all people directly or indirectly affected by the policy

  • Integrated - take a holistic view; looking beyond internal and external organisational boundaries

  • Forward Looking - take a long-term view based on threats, trends and informed predictions

  • Outward Looking - take account of influencing factors in the national and international situation

  • Innovative, Flexible and Creative - question established ways of doing things, encouraging new and creative ideas

  • Evidence-based - based upon the best available evidence from a wide range of sources

  • Monitored and Reviewed - to ensure it is really dealing with the problems it was designed to solve

  • Evaluated - evaluation of the effectiveness of policy is built into the policy making process

  • Learns Lessons - evolve from experience of what works and what does not

This ensures that wider technology and business aspects are built in, including -


  • Company Strategy (e.g. Client First, Cloud First, Automate Everything)

  • Global Events (e.g. WannaCry, NotPetya, Advanced Persistent Threats)

  • Legislation, Regulation and Contractual Obligations (e.g. GDPR and privacy)

  • Industry Best Practice (e.g. ISO 27001, NIST, NCSC)

  • Technology Change (e.g. Bring Your Own Device, Cloud, Virtualisation)

  • Client Expectations (e.g. Faster, Cheaper, Better)

The result: clear, organisationally aligned and integrated information security policy and standards that meet legislative, regulatory and client requirements and expectations, and that are in line with the organisation's risk appetite.