Policy Assessments
COMPASS has defined 36 operational areas consisting of 1,315 elements that collectively define an organization’s overall security posture. Using this pre-defined structure as a standard, we evaluate the client’s existing documentation to complete a policy gap analysis and identify weaknesses within the business unit. Some areas of focus include:
- Acceptable Use of Assets
- Asset Management
- Electronic Mail Security
- Information Exchange
- Mobile Computing Security
- Password Management
- Access Control
- Information Classification
- IT Risk Management
- Social Networking Acceptable Use
Using the data found in the policy gap analysis, COMPASS creates a chart that outlines the number of elements missing within each of the 36 policies. As an additional resource, COMPASS attaches a policy guide that specifies what each client’s policies should include. This allows the client to write their own policies if they choose to do so internally.