03 Policies, Procedures, and Standards

Risk Cypher will maintain the availability of resources for the performance of the following activities:

● Definition and design of a governance lifecycle management program, including cadence for management review, review criteria, and communication to the organization around updates/changes
● Definition of an annual training calendar and program/policy training
● Gathering and obtaining approval on drafted TRM-related documentation
● Aiding the development of TRM program processes/procedures (ex. Issues Management)

Deliverables
In support of the objectives described above, Risk Cypher will also have responsibility for the following deliverables:

● Policy
Information Technology Service Management Policy
Information Security Management Policy
Technology Risk Management Policy
● Standards
Risk & Control Testing Standards (ToD/ToE)
Third-Party Risk Management
Training & Awareness
Logical Access Management
Technology Asset Management
Incident & Problem Management
Data Security (Classification, Handling, DLP)
Issues Management
Business Continuity
Endpoint Protection & Monitoring (Logging/Monitoring/A/V)
Change Management
Secrets Management
Network Security & Operations Management
Secure Software Development Lifecycle
Patch & Vulnerability Management