Aligning your customers to a set of standards seems easy. You create questions around privacy, security, and infrastructure and ensure they meet business goals. What if your standards are outdated, too broad, or non-existent? What if you need more and are unsure where to look?
If you are looking to begin or build on your standards library, there are good options included with myITprocess. These templates refer to popular industry best practices and frameworks. Even if you need generic, non-compliance standards, the default template is a great place to begin.
myITprocess Default Template
- Consists of six sections containing 150 questions.
- Covers core and server infrastructure, security, and backup and disaster recovery.
- Generic questions that do not conform to a particular framework or regulatory authority.
- Great for general technology, security, and disaster recovery.
Center for Internet Security Controls 7.1
- Contains 171 questions within 20 “Controls”.
- Covers incident response, account monitoring, malware defense, and more.
- Plain English descriptions and guidance.
Cyber Essentials (UK)
- Straightforward requirements for security and privacy.
- Includes incident response, endpoint security, asset management, and more.
- Sponsored by the UK government, but relevant to anyone.
NIST Privacy Framework 1.0
- Minimize adverse consequences for individuals’ privacy and society as a whole.
- Fulfill current compliance obligations and future-proof products and services to meet these obligations.
- Facilitate communication about privacy practices with stakeholders.
Resources:
www.trumethods.com/myitprocess
https://www.cisecurity.org/controls/
https://www.ncsc.gov.uk/cyberessentials
https://oag.ca.gov/privacy/ccpa