Co-published by:
About our 30-day
no-obligation trial
Put Information Technology PolicyPro to the test for thirty days, absolutely free, and with no risk whatsoever.
If you’re not satisfied with Information Technology PolicyPro for any reason, simply return the manual and you don’t owe anything.
Information Technology PolicyPro
Establish effective IT governance to minimize risk and maximize your IT investment
Establish effective IT governance to minimize risk and maximize your IT investment
Product at a glance
- Information Technology PolicyPro (ITPP) is a fast, easy, cost-effective way to build a robust IT control framework, an essential component of internal control over financial reporting, effective corporate governance, and risk management.
- ITPP contains a comprehensive collection of ready-to-use model IT policies and procedures. Each policy includes expert advice about why it’s needed, and how it can be implemented and customized. Because this content is included in both the print manual and the PolicyPro™ software application, ITPP is both an authoritative reference work and a powerful tool to create and distribute your own IT policy manual. And the powerful PolicyPro application is fully integrated with Word and Excel, so there's no new software to learn.
- Co-published with the Canadian Institute of Chartered Accountants, ITPP’s policies and procedures are based on authoritative IT control frameworks: the CICA’s Information Technology Control Guidelines (ITCG), and the COBIT framework. It is also a useful tool for auditors, who must obtain an understanding of an organization’s IT control environment under the new audit risk standards.
- Two-volume annual subscription looseleaf service. 6 updates per year. Approximately 700 pages. All content incorporated in PolicyPro software (included in price). Price: $575. Annual renewals: $370.
Authors/Editors
Co-author
Co-author
- Jeffrey D. Sherman, B.Comm., M.B.A., C.A., has over 20 years business experience as Chief Financial Officer of both public and private companies, as a consultant specializing in corporate finance, and has worked for a large chartered bank in various senior capacities. Mr. Sherman has lectured and conducted seminars for many organizations and was an adjunct professor at York University from 1985 - 2000. He has written extensively on contemporary finance, business and accounting issues. For more information about Mr. Sherman, click here.
- Steve Goldwasser, B.Sc., has extensive experience in various capacities directly involved in Information Technology. His career spans over 30 years at IBM Canada Ltd., with responsibilities that included application programming, systems programming, data and systems security, large system performance and capacity planning, application and relational database design and implementation, project management, technical writing, and technical certification.
Contents
Volume I
Volume I
- Introduction
- Control Objectives and Techniques
- Chapter 1.00 - Planning
- 1.01 Strategic Planning
- 1.02 Tactical Planning
- 1.03 Implementation Planning
- 1.04 Site Planning
- 1.05 Risk Assessment
- 1.06 Risk Management
- Chapter 2.00 - Systems Acquisition, Maintenance and Disposal
- 2.01 Accountability for Systems
- 2.02 Systems Acquisition
- 2.03 Recording IT Assets
- 2.04 System Setup
- 2.05 Warranties and Support
- 2.06 Maintenance
- 2.07 Disposal of Hardware
- Chapter 3.00 - Software Acquisition, Implementation and Maintenance
- 3.01 Standard Applications
- 3.02 Application Development and Implementation
- 3.03 Non-standard Software
- 3.04 Standard Application Fixes
- 3.05 Licenses
- 3.06 Software Downloading
- Chapter 4.00 - Systems Management
- 4.01 Computer Naming System Conventions
- 4.02 Role-based User Management
- 4.03 Internet Access
- 4.04 Downloading
- Chapter 5.00 - Data Management
- 5.01 Data Processing Integrity and Validation
- 5.02 Data Backup and Storage
- 5.03 Management of Third Party Services
- 5.04 Database Management
- 5.05 Customer Relationship Management Data
- 5.06 Records Retention
- Chapter 6.00 - Computing Operations and Support
- 6.01 Configuration and Systems Management
- 6.02 Access Administration
- 6.03 System Availability
- 6.04 Service Levels
- 6.05 Operations and Scheduling
- 6.06 Performance and Capacity Management
- 6.07 Corporate Website
- 6.08 Company Intranet
- 6.09 Cost Allocation
- 6.10 Problems and Incident Management
- Chapter 7.00 - Monitoring and Evaluation
- 7.01 IT Effectiveness Reviews
- 7.02 Logging Controls
- 7.03 Internal Audits
- 7.04 Performance and Capacity Reviews
- 7.05 Security Reviews
- 7.06 Software Audit
- Chapter 8.00 - Physical and Systems Security
- 8.01 Physical and Infrastructure Security
- 8.02 Systems Security
- 8.03 User Identification and Passwords
- 8.04 Confidentiality and Privacy
- 8.05 Controls for Viruses, Worms and Malware
- Chapter 9.00 - Data Security
- 9.01 Data Ownership
- 9.02 Data Classification
- 9.03 Data Access Controls
- 9.04 Application Security Controls
- 9.05 Data Disposal
- Chapter 10.00 - Network Security
- 10.01 Network Hardware Connection
- 10.02 Firewall Protection
- 10.03 Remote Access
- 10.04 Wireless Network
- 10.05 Network Intrusion Detection
- 10.06 File Transfer Protocol
- 10.07 Email Security
- 10.08 Instant Messaging
- 10.09 Electronic Commerce
- Chapter 11.00 - Backup and Disaster Planning
- 11.01 Disaster Planning Team
- 11.02 Disaster Notification
- 11.03 Identification of Critical Processes
- 11.04 Backup Schedule
- 11.05 Backup Files Stored Onsite
- 11.06 Backup Files Stored Offsite
- 11.07 Offsite Processing Agreements
- 11.08 Disaster Recovery Plan Testing
- 11.09 Disaster Recovery Plan Review
- 11.10 Disaster Recovery Team
- 11.11 End-user Restrictions
- Chapter 12.00 - Training and Support
- 12.01 IT Staff Training
- 12.02 End-user Training
- 12.03 Customer Support
- Index
