First Reference

Compliance made easy®

You are here: Home / PolicyPro / Information Technology

Information Technology PolicyPro® From Policy to Signoff 

In·ter·nal Con·trol

Made for Canadian CTOs, CFOs and IT Professionals

Today, information technology plays a central role in most operational processes. As a result, the importance of controlling IT cannot be understated. Control failures can do pervasive and lasting damage to an organization, while strong controls make operations more efficient, effective and minimize the countless IT-related risks across an organization.

Documented policies are the foundation of the internal controls needed to protect your organization from IT risk.

Internal control processes are essential for effective strategy and execution. Consider these benefits:

  • They provide a systematic approach to administering business operations consistently, fairly and efficiently.
  • They assign tasks and responsibilities to specific individuals or departments.
  • They explain tasks and convey additional information in an easy-to-understand format.
  • They document consistency and fairness, which may be important for legal or regulatory reasons.
  • They provide employees with guidance in dealing with new situations.
  • They introduce efficiencies and minimum standards.
  • They ensure that required standards for corporate governance are achieved.
  • They ensure that accountability is maintained with the immediate managers, including responsibility for Standard Operating Procedure training and enforcement, and approval authorization.
  • They ensure compliance with applicable laws.

Information Technology PolicyPro (ITPP) is the leading source for up-to-date model policies and commentary based on Canadian compliance and best practice. Thousands of organizations across Canada depend on PolicyPro to ensure their policies and procedures are up to date, to meet minimum legal requirements and best practices, to reduce risk and to improve operational effectiveness.

Au·thor·i·ty

Expert Policy Templates and Guidance

Information Technology PolicyPro offers a complete and authoritative set of model policies written for the complicated and extensive demands of IT risk management and control, including systems and data management, security, user behaviour and responsibilities.

ITPP provides:

  • A practical and effective method to plan, implement and review IT controls in the context of your business strategy
  • 170+ sample policies, forms and checklists prepared and updated regularly by subject-matter experts
  • A weekly e-newsletter, Inside Policies™, reports new and revised policies and why the changes are important
  • Expert commentary outlining why each policy is needed, the compliance requirements and options to consider when customizing the policy template
  • Policies tied to the most authoritative IT control frameworks, ITCG and CobiT, to ensure your policies are complete and comprehensive
  • Plus, PolicyPro includes a secure and easy-to-use online application for creating, customizing and updating policies; distributing them to managers, staff and contractors; ensuring everyone reads them; getting signoff; producing reports; and notifying everyone of news, policy changes and required postings.

Start your free 30-day trial of PolicyPro®

No credit card, no obligation!

Sign Up Today

Information Technology PolicyPro Model Policies

In PolicyPro, you’ll find an expert-prepared and compliance-focused policy template for all your organizational needs. PolicyPro also makes it easy to modify and update policies and add your own.

The following lists many of the unique policies essential for IT risk management included with ITPP.

Planning

  • Strategic Planning
  • Tactical Planning
  • Implementation Planning
  • Site Planning
  • Risk Assessment
  • Risk Management

Systems Acquisition, Maintenance and Disposal

  • Accountability for Systems
  • Systems Acquisition
  • Recording IT Assets
  • System Setup
  • Warranties and Support
  • Maintenance
  • Disposal of Hardware

Software Acquisition, Implementation and Maintenance

  • Standard Applications
  • Application Development and Implementation
  • Non-standard Software
  • Standard Application Fixes
  • Licenses
  • Software Downloading

Systems Management

  • Computer Naming System Conventions
  • Role-based User Management
  • Internet Access
  • Downloading

Data Management

  • Data Processing Integrity and Validation
  • Data Backup and Storage
  • Management of Third-Party Services
  • Database Management
  • Customer Relationship Management Data
  • Records Retention

Computing Operations and Support

  • Configuration and Systems Management
  • Access Administration
  • System Availability
  • Service Levels
  • Operations and Scheduling
  • Performance and Capacity Management
  • Corporate Website
  • Company Intranet
  • Cost Allocation
  • Problems and Incident Management

Monitoring and Evaluation

  • IT Effectiveness Reviews
  • Logging Controls
  • Internal Audits
  • Performance and Capacity Reviews
  • Security Reviews
  • Software Audit

Physical and Systems Security

  • Physical and Infrastructure Security
  • Systems Security
  • User Identification and Passwords
  • Confidentiality and Privacy
  • Controls for Viruses, Worms and Malware

Data Security

  • Data Ownership
  • Data Classification
  • Data Access Controls
  • Application Security Controls
  • Data Disposal
  • Data Encryption

Network Security

  • Network Hardware Connection
  • Firewall Protection
  • Remote Access
  • Wireless Network
  • Network Intrusion Detection
  • File Transfer Protocol
  • Email Security
  • Instant Messaging
  • Electronic Commerce

Backup and Disaster Planning

  • Disaster Planning Team
  • Disaster Notification
  • Identification of Critical Processes
  • Backup Schedule
  • Backup Files Stored Onsite
  • Backup Files Stored Offsite
  • Offsite Processing Agreements
  • Disaster Recovery Plan Testing
  • Disaster Recovery Plan Review
  • Disaster Recovery Team
  • End-user Restrictions

Training and Support

  • IT Staff Training
  • End-user Training
  • Customer Support

User Responsibilities

  • System Access and Acceptable Use
  • Data Access and Data Protection
  • Passwords
  • Email Acceptable Use
  • Internet Access and Acceptable Use
  • Clear and Locked Screen
  • Removable Media
  • Portable Computers
  • Remote Acesss – Users

Mobile Device Management: BYOD

  • BYOD: Acceptable Devices and Operating Systems
  • BYOD: Systems Access and Acceptable Use
  • Security for BYOD Devices
  • Maintenance and Support for BYOD Devices Email Acceptable Use
  • Employee Agreements for BYOD Participation
  • Compensation for BYOD

Start your free 30-day trial of PolicyPro®

No credit card, no obligation!

Sign Up Today

Author and Editorial Team

Content Editor

Apolone Gentles, JD, CPA, CGA, FCCA, is an Ontario lawyer and editor with over 20 years of business experience.

Ms. Gentles has held senior leadership roles in non-profit organizations, leading finance, human resources, information technology and facilities teams. She has also held senior roles in audit and assurance at a “Big Four” audit firm. Apolone has also lectured in auditing, economics and business at post-secondary schools.

Managing Editor

Yosie Saint-Cyr, LL.B., was called to the Quebec bar in 1988 and is a member in good standing. She practised business, employment and labour law until 1999 before becoming Managing Editor at First Reference.

Yosie is responsible for the high-quality, up-to-date content for employment law services and the Internal Controls Library. She is currently enrolled in the Osgoode Professional LLM degree program.

Author Emeritus

Jeffrey D. Sherman, Bcomm, MBA, CIM, FCPA, FCA, has over 20 years of executive management experience. He is a former director or CFO of several public companies. His extensive knowledge and experience includes corporate governance, risk management, accounting and finance, restructuring and start-up enterprises.

Mr. Sherman has lectured and conducted seminars for many organizations and was an adjunct professor at York University for 15 years. He is a popular course director and course author for many organizations, including The Chartered Professional Accountants of Canada (CPA Canada) and other provincial institutes of chartered professional accountants and law societies. He has written many books and articles on finance and accounting.

Steve Goldwasser, BSc, also contributed to ITPP for many years.

CPA Canada

Part·ner·ship

Co-marketed with CPA Canada®

First Reference and CPA Canada have worked together for over 15 years to market PolicyPro’s Internal Control Library, including Information Technology PolicyPro®, Finance & Accounting PolicyPro®, Not-for-Profit PolicyPro® and, more recently, PaySource®.

CPA Canada believes that these publications are useful to practitioners who provide assistance to clients to develop and implement sound internal controls, as well as to those working in business who have responsibility for these matters.

Print ISSN 1911-5873  |  Online ISSN 1923-8916

Start your free 30-day trial of PolicyPro®

No credit card, no obligation!

Sign Up Today

About First Reference

Established in 1995, First Reference Inc. (known as La Référence in Quebec) provides Canadian organizations of any size with practical and authoritative resources to help ensure compliance.

Stay Connected