Information Technology PolicyPro

Ready-to-Use Policies You Can Trust

Product at a glance
Authors/Editors
Contents

Co-published with the CICA, Information Technology PolicyPro (ITPP) helps you establish and maintain robust IT controls. Refer to the ITPP looseleaf manuals for straightforward, authoritative and current guidance on the issues essential for the disciplined, efficient and secure operation of an IT department. Use the ITPP electronic version to build a policy manual from easily customizable model policies. Updated four times a year, ITPP offers:

Resources to quickly understand what policies are needed, build a comprehensive policy manual and keep it up to date
Over 85 sample information technology policies and procedures which may either be used "as is" or edited to fit your preferences
Policies and procedures tied to the most authoritative IT control frameworks, the Information Technology Control Guidelines (ITCG) from CICA, and the Control Objectives for Information and Related Technology (CobiT) framework from the Information Systems Audit and Control Association
A way to quickly identify and implement the policies and procedures that address the ITCG and CobiT control objectives
Policies that govern processes involved with internal control over financial reporting (ICOFR)
Information dealing directly with security, including physical, systems, data and network security, backup and disaster planning, disaster recovery, and user responsibilities
Information on how to comply with applicable laws, including privacy legislation, records retention law, copyright and intellectual property laws
Free 30-day trial. One year ITPP subscription $675, annual renewals $350

Co-author

Jeffrey D. Sherman, MBA, FCSI, FCA, has over 20 years business experience as chief financial officer and as an author, lecturer and professor focussing on corporate finance. Mr. Sherman has lectured and conducted seminars on topics such as corporate governance, internal control, treasury and derivatives, advanced accounting issues, cash management, and risk management. He has presented to many different organizations including the Treasury Management Association of Canada, Canadian Bar Association, Law Society of Upper Canada, Institute of Chartered Accountants of Ontario, Canadian Management Association, Infonex, Insight, Acumen, Institute of Chartered Accountants of Nova Scotia, Institute of Chartered Accountants of Manitoba. More...

Co-author

Steve Goldwasser, B.Sc., has extensive experience in various capacities directly involved in Information Technology. His career spans over 30 years at IBM Canada Ltd., with responsibilities that included application programming, systems programming, data and systems security, large system performance and capacity planning, application and relational database design and implementation, project management, technical writing, and technical certification.

Looseleaf Version
The looseleaf manuals contain comprehensive, straightforward, authoritative and current guidance on the issues essential for the disciplined, efficient and secure operation of the IT department within your organization.

(Click on the links below to learn more.)

Volume I

Introduction
Control Objectives and Techniques
- 1.01 Strategic Planning
- 1.02 Tactical Planning
- 1.03 Implementation Planning
- 1.04 Site Planning
- 1.05 Risk Assessment
- 1.06 Risk Management
- 2.01 Accountability for Systems
- 2.02 Systems Acquisition
- 2.03 Recording IT Assets
- 2.04 System Setup
- 2.05 Warranties and Support
- 2.06 Maintenance
- 2.07 Disposal of Hardware
- 3.01 Standard Applications
- 3.02 Application Development and Implementation
- 3.03 Non-standard Software
- 3.04 Standard Application Fixes
- 3.05 Licenses
- 3.06 Software Downloading
- 4.01 Computer Naming System Conventions
- 4.02 Role-based User Management
- 4.03 Internet Access
- 4.04 Downloading
- 5.01 Data Processing Integrity and Validation
- 5.02 Data Backup and Storage
- 5.03 Management of Third Party Services
- 5.04 Database Management
- 5.05 Customer Relationship Management Data
- 5.06 Records Retention
- 6.01 Configuration and Systems Management
- 6.02 Access Administration
- 6.03 System Availability
- 6.04 Service Levels
- 6.05 Operations and Scheduling
- 6.06 Performance and Capacity Management
- 6.07 Corporate Website
- 6.08 Company Intranet
- 6.09 Cost Allocation
- 6.10 Problems and Incident Management
- 7.01 IT Effectiveness Reviews
- 7.02 Logging Controls
- 7.03 Internal Audits
- 7.04 Performance and Capacity Reviews
- 7.05 Security Reviews
- 7.06 Software Audit

Volume II

- 8.01 Physical and Infrastructure Security
- 8.02 Systems Security
- 8.03 User Identification and Passwords
- 8.04 Confidentiality and Privacy
- 8.05 Controls for Viruses, Worms and Malware
- 9.01 Data Ownership
- 9.02 Data Classification
- 9.03 Data Access Controls
- 9.04 Application Security Controls
- 9.05 Data Disposal
- 9.06 Data Encryption
- 10.01 Network Hardware Connection
- 10.02 Firewall Protection
- 10.03 Remote Access
- 10.04 Wireless Network
- 10.05 Network Intrusion Detection
- 10.06 File Transfer Protocol
- 10.07 Email Security
- 10.08 Instant Messaging
- 10.09 Electronic Commerce
- 11.01 Disaster Planning Team
- 11.02 Disaster Notification
- 11.03 Identification of Critical Processes
- 11.04 Backup Schedule
- 11.05 Backup Files Stored Onsite
- 11.06 Backup Files Stored Offsite
- 11.07 Offsite Processing Agreements
- 11.08 Disaster Recovery Plan Testing
- 11.09 Disaster Recovery Plan Review
- 11.10 Disaster Recovery Team
- 11.11 End-user Restrictions
- 12.01 IT Staff Training
- 12.02 End-user Training
- 12.03 Customer Support
- 13.01 System Access and Acceptable Use
- 13.02 Data Access and Data Protection
- 13.03 Passwords
- 13.04 Email Acceptable Use
- 13.05 Internet Access and Acceptable Use
- 13.06 Clear and Locked Screen
- 13.07 Removable Media
- 13.08 Portable Computers
- 13.09 Remote Acesss - Users
Index

Electronic Version

Provides an easy way to build, maintain and distribute a policy manual
Contains over 75 policies in ready-to-use format