A: YES. Syrinx Technologies strongly recommends that accurate and comprehensive policies and procedures be developed before any money is spent on security hardware, software or services. After all, how do you program a firewall without knowing specifically what network traffic is being allowed and denied? A well written set of policies and procedures will guide all future security implementations.
A: The typical policy audit consists of two phases. In Phase 1, Syrinx Technologies will read and study all of the existing IT policy and procedure documentation. Syrinx Technologies will then make recommendations as needed to add material to the existing documents or to suggest new policy documents. Phase 2 of the audit consists of taking a sampling of the policy and procedure documents and verifying that they are actually followed by sitting down with employees and watching them perform common tasks. This ensures that everyday practice is in compliance with written procedures.
|