Why write PCI DSS and ISO27001 Policies?
By Sarah Bradshaw
July 1, 2008
Writing IT security and compliance policies is a bit like painting the Forth Bridge: once you have finished, the regulations change, the technology changes, and it all begins again.
This particular compliance requirement is a major headache for most organisations, but it is an essential part of the overall governance programme. Getting policies right can be a costly and time-consuming exercise: three months on average when developed internally, according to research carried out by Baronscourt. Who wants to go through that process over and over again?
At a recent PCI DSS Forum meeting held in Central London, Branko Lolich, Data Security Manager EMEA for American Express, stressed the importance of ensuring that compliance and policy management are an ongoing process by saying ‘... a company could very easily be compliant one day, and then become non-compliant the next, without even realising it.’
So, must you continue to write these policies internally?
Not according to Baronscourt, who today announce their exclusive partnership with policy content experts Information Shield, a partnership designed specifically to offer a comprehensive solution to the increasing burden of maintaining IT security policies.
“Information security policies are not effective unless they are written, updated and enforced throughout the organization” said David Lineman, President of Information Shield. “Our leading library of security policies combined with the robust policy enforcement of Baronscourt makes a great partnership and an effective end-to-end solution for organizations that must comply with data protection regulations.”
The PolicyShield™ Policy Subscription Service is intended to be the most effective way to build and maintain written information security policies. The policy library contains more than 1,500 pre-written information security policies mapped to the major regulatory frameworks, including ISO 27001 and PCI DSS. In addition, subscribers receive quarterly policy updates in response to the latest technologies, threats and regulatory changes, including real-world security incidents mapped to individual policies to help mitigate the risk of those incidents occurring within your business. Put simply, PolicyShield™ is designed to remove the headache and risk associated with creating and maintaining a valid IT security policy.
“Most organisations find the creation of relevant IT Security policies to be a real challenge,” said Robert O’Brien, Baronscourt Managing Director UK and Ireland. “However, the impossible challenge remains the continual updating of policies in order to remain current with regulations and technology changes. Information Shield services save hours of time and cost a fraction of the cost of adopting a traditional policy writing approach.”
Ensuring that IT security policies are watertight and kept up to date is imperative, particularly in the current climate of high-profile security breaches. In today’s highly regulated environment it is simply not acceptable to let policies lapse or become out of date. In the words of renowned security expert Dr Anton Chuvakin, not updating a security policy is an ‘IT Security Sin’ second only to not having a security policy at all.