From policy to sign-off ™

Co-marketed with

The leading source for up-to-date model policies based on Canadian compliance and best practice.
- A practical and effective method to plan, implement and review IT controls in the context of your business strategy
- 150+ sample policies, forms and checklists for systems and data management, security, disaster planning and more
- All documents prepared and updated regularly by subject-matter experts
- Weekly e-newsletter, Inside Policies™, reports new and revised policies and why the changes are important
- Expert commentary outlines why each policy is needed, the compliance requirements and options to consider when customizing the policy template
- Policies are tied to the most authoritative IT control frameworks, ITCG and CobiT, to ensure your policies are complete and comprehensive
Choose the PolicyPro that meets your needs | PolicyPro | PolicyPro Plus |
---|---|---|
Content and Updates | ||
Complete set of model accessibility policies and forms | ✔️ | ✔️ |
Commentary by subject-matter experts outlines needs and considerations for each policy | ✔️ | ✔️ |
Policy and form templates continuously updated for changes in compliance and best practice | ✔️ | ✔️ |
Weekly newsletter, Inside Policies, informs you of revised and new policies and why they’re important | ✔️ | ✔️ |
Includes over 1,000 sample policies and forms for HR, payroll, finance, accessibility and not-for-profits | – | ✔️ |
PolicyPro Software | ||
Create, update and archive your policies and procedures online | ✔️ | ✔️ |
Number of policy and procedure manuals that you can build | 3 | 12 |
Use or revise existing quizzes or create new ones to ensure employees read and understand each policy | ✔️ | ✔️ |
Post policies and quizzes to employees’ online accounts | Up to 50 employees | 500 employees |
Reports track successful completion of assigned policies | ✔️ | ✔️ |
Employee bulletin board to share company memos and required postings | ✔️ | ✔️ |
Communicate with staff using built-in email functionality | ✔️ | ✔️ |
Secure and centralized document storage | ✔️ | ✔️ |
Support | ||
On-boarding to help you get your policies and manuals online | ✔️ | ✔️ |
In-context help and technical support | ✔️ | ✔️ |
Ask the Editor your questions about content and suggest new policies | ✔️ | ✔️ |
$ 995 /year | $ 2,495 /year |
Start your free 30-day trial of PolicyPro®
No credit card, no obligation!
Information Technology PolicyPro Model Policies
Planning
- Strategic Planning
- Tactical Planning
- Implementation Planning
- Site Planning
- Risk Assessment
- Risk Management
Systems Acquisition, Maintenance and Disposal
- Accountability for Systems
- Systems Acquisition
- Recording IT Assets
- System Setup
- Warranties and Support
- Maintenance
- Disposal of Hardware
Software Acquisition, Implementation and Maintenance
- Standard Applications
- Application Development and Implementation
- Non-standard Software
- Standard Application Fixes
- Licenses
- Software Downloading
Systems Management
- Computer Naming System Conventions
- Role-based User Management
- Internet Access
- Downloading
Data Management
- Data Processing Integrity and Validation
- Data Backup and Storage
- Management of Third-Party Services
- Database Management
- Customer Relationship Management Data
- Records Retention
Computing Operations and Support
- Configuration and Systems Management
- Access Administration
- System Availability
- Service Levels
- Operations and Scheduling
- Performance and Capacity Management
- Corporate Website
- Company Intranet
- Cost Allocation
- Problems and Incident Management
Monitoring and Evaluation
- IT Effectiveness Reviews
- Logging Controls
- Internal Audits
- Performance and Capacity Reviews
- Security Reviews
- Software Audit
Physical and Systems Security
- Physical and Infrastructure Security
- Systems Security
- User Identification and Passwords
- Confidentiality and Privacy
- Controls for Viruses, Worms and Malware
Data Security
- Data Ownership
- Data Classification
- Data Access Controls
- Application Security Controls
- Data Disposal
- Data Encryption
Network Security
- Network Hardware Connection
- Firewall Protection
- Remote Access
- Wireless Network
- Network Intrusion Detection
- File Transfer Protocol
- Email Security
- Instant Messaging
- Electronic Commerce
Backup and Disaster Planning
- Disaster Planning Team
- Disaster Notification
- Identification of Critical Processes
- Backup Schedule
- Backup Files Stored Onsite
- Backup Files Stored Offsite
- Offsite Processing Agreements
- Disaster Recovery Plan Testing
- Disaster Recovery Plan Review
- Disaster Recovery Team
- End-user Restrictions
Training and Support
- IT Staff Training
- End-user Training
- Customer Support
User Responsibilities
- System Access and Acceptable Use
- Data Access and Data Protection
- Passwords
- Email Acceptable Use
- Internet Access and Acceptable Use
- Clear and Locked Screen
- Removable Media
- Portable Computers
- Remote Acesss – Users
Mobile Device Management: BYOD
- BYOD: Acceptable Devices and Operating Systems
- BYOD: Systems Access and Acceptable Use
- Security for BYOD Devices
- Maintenance and Support for BYOD Devices Email Acceptable Use
- Employee Agreements for BYOD Participation
- Compensation for BYOD
Author and Editorial Team
Author
Jeffrey D. Sherman, Bcomm, MBA, CIM, FCPA, FCA, has had over 20 years of executive management experience. He is a former director or CFO of several public companies. His extensive knowledge and experience includes corporate governance, risk management, accounting and finance, restructuring and start-up enterprises.
Mr. Sherman has lectured and conducted seminars for many organizations and was an adjunct professor at York University for 15 years. He is a popular course director and course author for many organizations, including The Chartered Professional Accountants of Canada (CPA Canada) and other provincial institutes of chartered professional accountants and law societies, and has written many books and articles on finance and accounting.
Co-marketed with

Content Editor
Apolone Gentles, JD, CPA, CGA, FCCA, is an Ontario lawyer and editor with over 20 years of business experience.
Ms. Gentles has held senior leadership roles in non-profit organizations, leading finance, human resources, information technology and facilities teams. She has also held senior roles in audit and assurance at a “Big Four” audit firm. Apolone has also lectured in auditing, economics and business at post-secondary schools.
Managing Editor
Yosie Saint-Cyr, LLB, was called to the Quebec bar in 1988 and is a member in good standing. She practised business, employment and labour law until 1999 before becoming Managing Editor at First Reference.
Yosie is responsible for the high-quality, up-to-date content for employment law services and the Internal Controls Library. She is currently enrolled in the Osgoode Professional LLM degree program.
Print ISSN 1911-5873 | Online ISSN 1923-8916
Start your free 30-day trial of PolicyPro®
No credit card, no obligation!