8 Preparing Policies and Procedures to Avoid Internal Risk

In the previous chapter, we’ve been through the main principles for deciding what to use and how to use it in terms of controls and risk management related to our entity. As already explained, if we buy off-the-shelf software, there is no need to implement controls related to software (just remember to keep them beside our Statement of Applicability) and so on. However, once we decide to use some controls, we will need to prepare (or update) our policy and procedures accordingly.

In this chapter, we will go through all this, with a hands-on flavor: in fact, my aim is to also give you a good amount of practical tips on how to write down policies (and procedures).

We’ll have a (one-way, ...

Get Cybersecurity and Privacy Law Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Cybersecurity and Privacy Law Handbook by Walter Rocchi

8

Preparing Policies and Procedures to Avoid Internal Risk

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly