If requesting policy development and/or review, and not a full scale I&E, many of the same procedures will take place as in an I&E, but the time involved will be less on site, and more time in research and development. The final report will only include policies and procedures and will not contain recommendations based on I&E findings that would be included in a full I&E. Prior to finalizing the policies, a second meeting will be necessary to go over a draft copy to ensure that policy recommendations can be implemented with relative ease. Furthermore, in preparing policies it is important that subject matter experts have input for industry specific procedures.

The goal of both policy development and review is to research “best practices;” verify that “checks-and-balances” are in place; encourage ethical decision making; and set out requirements to ensure all company records and equipment are properly protected. Further, measures will be outlined relating to building, personnel, and IT security.

Full Scale Inspection & Evaluation | Security Analysis | IT Risk Assesment