Information Technology PolicyPro
Ready-to-Use Policies You Can Trust
Co-published with the CICA, Information Technology PolicyPro contains the necessary tools and resources to help you establish and maintain robust information technology controls. Updated four times a year, the publication offers:
- Resources to quickly understand what policies are needed, build a comprehensive policy and procedure manual, and keep it up to date
- Access to over 75 information technology model policies in ready-to-use format dealing with security, including physical, systems, data and network security, backup and disaster planning, disaster recovery, and user responsibilities
- Sample policies and procedures tied to the most authoritative IT control frameworks, the Information Technology Control Guidelines (ITCG) from CICA, and the Control Objectives for Information and Related Technology (CobiT) framework from the Information Systems Audit and Control Association
- A way to quickly identify and implement the policies and procedures that address the ITCG and CobiT control objectives
- Model policies that govern processes involved with internal control over financial reporting (ICOFR)
- Information on how to comply with applicable laws, including privacy legislation, records retention law, copyright and intellectual property laws
- Free 30-day trial. Affordable subscription rate to fit any budget: one-year ITPP subscription $625, annual renewals $295
Co-author
- Jeffrey D. Sherman, B.Comm., M.B.A., C.A., has over 20 years of business experience as Chief Financial Officer of both public and private companies and as a consultant specializing in corporate finance, and has worked for a large chartered bank in various senior capacities. Mr. Sherman has lectured and conducted seminars for many organizations and was an adjunct professor at York University from 1985 to 2000. He has written extensively on contemporary finance, business and accounting issues.
Co-author
- Steve Goldwasser, B.Sc., has extensive experience in various capacities directly involved in Information Technology. His career spans over 30 years at IBM Canada Ltd., with responsibilities that included application programming, systems programming, data and systems security, large system performance and capacity planning, application and relational database design and implementation, project management, technical writing, and technical certification.
Looseleaf Version
The looseleaf manuals contain comprehensive, straightforward, authoritative and current guidance on the issues essential for the disciplined, efficient and secure operation of the IT department within your organization.
Volume I
- Introduction
- Control Objectives and Techniques
- 1.01 Strategic Planning
- 1.02 Tactical Planning
- 1.03 Implementation Planning
- 1.04 Site Planning
- 1.05 Risk Assessment
- 1.06 Risk Management
- 2.01 Accountability for Systems
- 2.02 Systems Acquisition
- 2.03 Recording IT Assets
- 2.04 System Setup
- 2.05 Warranties and Support
- 2.06 Maintenance
- 2.07 Disposal of Hardware
- 3.01 Standard Applications
- 3.02 Application Development and Implementation
- 3.03 Non-standard Software
- 3.04 Standard Application Fixes
- 3.05 Licenses
- 3.06 Software Downloading
- 4.01 Computer Naming System Conventions
- 4.02 Role-based User Management
- 4.03 Internet Access
- 4.04 Downloading
- 5.01 Data Processing Integrity and Validation
- 5.02 Data Backup and Storage
- 5.03 Management of Third Party Services
- 5.04 Database Management
- 5.05 Customer Relationship Management Data
- 5.06 Records Retention
- 6.01 Configuration and Systems Management
- 6.02 Access Administration
- 6.03 System Availability
- 6.04 Service Levels
- 6.05 Operations and Scheduling
- 6.06 Performance and Capacity Management
- 6.07 Corporate Website
- 6.08 Company Intranet
- 6.09 Cost Allocation
- 6.10 Problems and Incident Management
- 7.01 IT Effectiveness Reviews
- 7.02 Logging Controls
- 7.03 Internal Audits
- 7.04 Performance and Capacity Reviews
- 7.05 Security Reviews
- 7.06 Software Audit
Volume II
- 8.01 Physical and Infrastructure Security
- 8.02 Systems Security
- 8.03 User Identification and Passwords
- 8.04 Confidentiality and Privacy
- 8.05 Controls for Viruses, Worms and Malware
- 9.01 Data Ownership
- 9.02 Data Classification
- 9.03 Data Access Controls
- 9.04 Application Security Controls
- 9.05 Data Disposal
- 10.01 Network Hardware Connection
- 10.02 Firewall Protection
- 10.03 Remote Access
- 10.04 Wireless Network
- 10.05 Network Intrusion Detection
- 10.06 File Transfer Protocol
- 10.07 Email Security
- 10.08 Instant Messaging
- 10.09 Electronic Commerce
- 11.01 Disaster Planning Team
- 11.02 Disaster Notification
- 11.03 Identification of Critical Processes
- 11.04 Backup Schedule
- 11.05 Backup Files Stored Onsite
- 11.06 Backup Files Stored Offsite
- 11.07 Offsite Processing Agreements
- 11.08 Disaster Recovery Plan Testing
- 11.09 Disaster Recovery Plan Review
- 11.10 Disaster Recovery Team
- 11.11 End-user Restrictions
- 12.01 IT Staff Training
- 12.02 End-user Training
- 12.03 Customer Support
- 13.01 System Access and Acceptable Use
- 13.02 Data Access and Data Protection
- 13.03 Passwords
- Index
Electronic Version
- Provides an easy way to build, maintain and distribute a policy manual
- Contains over 75 policies in ready-to-use format
A full description of the Guides is available here.
- Building an Effective Policy & Procedure Manual