A review all existing company policies, procedures, documents and client compliance requests.
What is the Policy GAP Analysis?
The Policy GAP Analysis is used to understand your company's current compliance posture. As part of your Risk Assessment, the Choice CyberSecurity team will review all of your existing policies, procedures and compliance documentation to identify any missing resources that will be a necessary part of the results from this assessment.
We will then organize and upload your existing policies and procedures as evidence into your RiskTitan Compliance Framework(s). A detailed summary of any missing policies and procedures will be provided in the Executive Summary.
There is no such thing as too much documentation in our world. If you do not have any company policies, procedures or handbooks, please upload any existing documentation that outlines how you conduct business today. Any and all resources could potentially help us conduct our Risk Assessment more efficiently and serve as proof of compliance for your organization.
Please gather any and all existing company policies, procedures and employee handbooks. When you are ready, click the link below to upload your resources for review.
What We Need
Here is a list of resources that we need to complete our Policy GAP Analysis. The lists provided are for reference, we encourage you to upload as much as possible.
- Company Handbook(s): We find that a lot of our clients are currently meeting Compliance policy or procedure requirements in their company handbook(s).
- Policies: Guiding principles used to meet Compliance requirements and company standards. We are looking for policies that address your organization's:
- Physical & Information Security
- Communications, Disaster Recovery & Incident Response
- Acceptable Use, Teleworking, Mobile Devices, Employee Awareness & Training
- Vendor, Applications & Compliance Management
- Information Usage, Asset & Media Management
- Procedures: The detailed methods and steps to implement policy standards. These are typically referred to as Standard Operating Procedures (SOPs) and identify how tasks are performed within your organization.
- Compliance Documentation: Any additional documents that may help us during thid process. Including but not limited to:
- Previous Audit or Vulnerability Scan Reports
- Compliance Goals, Resources or Existing Compliance Initiatives
Client or Vendor Requests: Client or Vendor requests asking your organization to meet specific security or compliance requirements. These are often provided in a spreadsheet or form for your team to complete. We find that a request might state a specific compliance but have additional components that are not in the standard compliance framework. In order to meet your specific needs, we want to review your compliance requests to ensure all components are included within this Risk Assessment.
Please do not create any additional resources for this project. Our goal is to evaluate what you have in place today and help you create resources for the future.
Why We Need It
We will use your existing company policies, procedures and documentation to complete your Policy GAP Analysis and preliminarily complete your Compliance Questionnaire in order to maximize our time spent together. When a client has a large number of documents to review, it can take our team a lot of time. We want to get started reviewing as soon as possible!