03 Policies, Procedures, and Standards

Risk Cypher will support the redesign, enhancement, and development of core governance documentation as needed and as directed by the client.

Risk Cypher will maintain the availability of resources for the performance of the following activities:

● Definition and design of a governance lifecycle management program, including cadence for management review, review criteria, and communication to the organization around updates/changes
● Definition of an annual training calendar and program/policy training
● Gathering and obtaining approval on drafted TRM-related documentation
● Aiding the development of TRM program processes/procedures (e.g., Issues Management)

Deliverables
In support of the objectives described above, Risk Cypher will also have responsibility for the following deliverables:

● Policy
  ○ Information Technology Service Management Policy
  ○ Information Security Management Policy
  ○ Technology Risk Management Policy
● Standards
  ○ Risk & Control Testing Standards (ToD/ToE)
  ○ Third-Party Risk Management
  ○ Training & Awareness
  ○ Logical Access Management
  ○ Technology Asset Management
  ○ Incident & Problem Management
  ○ Data Security (Classification, Handling, DLP)
  ○ Issues Management
  ○ Business Continuity
  ○ Endpoint Protection & Monitoring (Logging/Monitoring/A/V)
  ○ Change Management
  ○ Secrets Management
  ○ Network Security & Operations Management
  ○ Secure Software Development Lifecycle
  ○ Patch & Vulnerability Management