With the Security Bastion basic package you can relax with full coverage of the International Organization for Standardization (ISO) 27001 standard for information security management.

This package contains security templates that comply with ISO/IEC 27001, PCI DSS, COBIT5, HIPAA, MASS 201 CMR 17.00, FISMA, Basel III and GLBA.

  • Comprehensive library of information security policy, standards and processes/procedures
  • All documents can be easily customized to your organization’s needs
  • Each statement maps back to the applicable ISO 27002 control
  • Easily mapped back to any compliance regulation
  • Helps deliver your projects on time and in budget
  • Complete coverage of the latest regulatory and technical requirements
  • Communicate security to all levels of your organization effectively
  • Full access including all updates for 12 months
  • Simply download, customize and be ready in minutes
  • Designed for effective implementation by expert CISSP-certified security professionals
  • Designed to adopt ISO/IEC 27001, PCI DSS, COBIT5, HIPAA, MASS 201 CMR 17.00, FISMA, Basel III, and GLBA
  • Get your compliance security documentation completed without starting from scratch
  • Don’t be a target – use credible security templates based on internationally recognized standards
  • Addresses Regulatory Requirements
Imagine having all your information security documentation with full ISO 27001 coverage written to a high standard within the next hour – with Security Bastion you can!

Package Coverage

Organization of Information Security

Internal Organization – Management commitment to information security. Below is a brief selection of some of the areas that are covered.

  • Information security coordination
  • Allocation of information security responsibilities
  • Confidentiality agreements
  • Contact with authorities
  • Independent review of information security
External Parties

Identification of risks related to external parties. Below is a brief selection of some of the areas that are covered.

  • Addressing security when dealing with customers
  • Addressing security in third-party agreements
  • Assessing risk when dealing with third parties
  • Review of third-party security
Asset Management

Responsibility for Assets – Inventory of Assets – Ownership of Assets. Below is a brief selection of some of the areas that are covered.

  • Acceptable use of assets
  • Acceptable use policy
  • Information classification
  • Classification guidelines
  • Information labeling and handling
Human Resources Security

Prior to employment – Roles and responsibilities – Screening of employees. Below is a brief selection of some of the areas that are covered.

  • Terms and conditions of employment
  • Management responsibilities during employment
  • Information security awareness, education and training
  • Termination or change of employment
  • Termination responsibilities
  • Return of assets
  • Removal of access rights
Physical and Environmental Security

Secure areas – Physical security perimeter – Physical entry controls. Below is a brief selection of some of the areas that are covered.

  • Securing offices, rooms and facilities
  • Protecting against external and environmental attacks
  • Public access, delivery and loading areas
  • Securing supporting utilities
  • Cabling security
  • Equipment maintenance
  • Security of equipment off-premises
  • Secure disposal or re-use of equipment
  • Removal of property
Communications and Operations Management

Operational procedures and responsibilities – Documented operating procedures – Change management. Below is a brief selection of some of the areas that are covered.

  • Segregation of duties
  • Third party service delivery management
  • Monitoring and review of third party services
  • Managing changes to third party services
  • System planning and acceptance
  • Capacity management
  • Protection against malicious and mobile code
  • Information back-up
  • Network security management
  • Media handling and information handling procedures
  • E-commerce services and online transactions
  • Monitoring and log management
Access Control

Business requirements for access control – Access control policy – User access management. Below is a brief selection of some of the areas that are covered.

  • User registration
  • Privilege management
  • Password management
  • Review of user access rights
  • Access control to program source code
  • Change control procedures
  • Restrictions on changes to software packages
  • Technical vulnerability management
  • Sensitive system isolation
  • Mobile computing and communications
Information Systems Acquisition, Development and Maintenance

Reporting information security events and weaknesses – Reporting information security events – Reporting weaknesses. Below is a brief selection of some of the areas that are covered.

  • Input/Output data validation
  • Message integrity
  • Cryptographic controls
  • Key management
  • Access control to program source code
  • Change control procedures
  • Technical review of applications after operating system changes
  • Technical vulnerability management
  • Outsourced software development
  • Control of technical vulnerabilities
Information Security Incident Management

Reporting information security events and weaknesses. Below is a brief selection of some of the areas that are covered.

  • Management of information security incidents and improvements
  • Responsibilities and procedures
  • Learning from information security incidents
  • Collection of evidence
  • Complete incident management process
Business Continuity Management

Information security aspects of business continuity management, including information security in the business continuity management process, business continuity and risk assessment. Below is a brief selection of some of the areas that are covered.

  • Developing and implementing continuity plans including information security
  • Business continuity planning framework
  • Business continuity plan
  • Testing, maintaining and re-assessing business continuity plans
Compliance

Compliance with legal requirements – Identification of applicable legislation and regulation – Intellectual Property Rights (IPR). Below is a brief selection of some of the areas that are covered.

  • Protection of organizational records
  • Data protection and privacy of personal information
  • Prevention of misuse of information processing facilities
  • Compliance with security policies and standards, and technical compliance
  • Compliance with security policies and standards
  • Technical compliance checking
  • Information systems audit considerations
  • Information systems audit controls
  • Protection of information system audit tools
Security Risk Management

Security risk management policy – Identification of security risk via threat and risk analysis process. Below is a brief selection of some of the areas that are covered.

  • Risk management responsibilities
  • Risk management policy
  • Threat and risk analysis tool box
  • Threat and risk analysis process
  • Risk management guidelines
  • Risk register

Package Content

ISO27001 ISO17799 IMPLEMENTATION MANAGER.docx
ISO27001-ISO27002 DOCUMENTATION – USER INSTRUCTIONS.docx
DOCUMENT & ROLES-RESPON MANAGEMENT TOOL.xls

COMPLIANCE MAPPING

HIPAA CROSS REFERENCED TO 27001.xls
PCIDSS CROSS REFERENCED TO 27001.xlsx
MASS DATA LAW CROSS REFERENCED TO 27001.xls
COMPLIANCE CROSSWALK COBIT-HIPAA-PCIDSS-MASS-DATA-ISO27001.XLSX

COMPLIANCE REFERENCES

201 CMR 17 FAQS.pdf
201 CMR 1700 REGULATION AUGUST 17. 2009 RELEASE.pdf
HIPAA SUMMARY.pdf
HIPAA ACT 1996.pdf
PA-DSS_V2.pdf
PCI_PA-DSS_V2_SUMMARY_OF_CHANGES.pdf

SECTION 2, 3 & 5

BOARD MEETING MINUTES.docx
FIRST BOARD MEETING AGENDA.docx
SB1.8 – AUDIT-PROCEDURE.docx
SB3.1 – EFFECTIVENESS MEASUREMENT PROCEDURE.docx
SB5.1 – INFORMATION SECURITY POLICY.docx
SB5.2 – MANAGEMENT REVIEW OF THE INFORMATION SECURITY POLICY.docx
SBISMS1 – PROTECTION AND CONTROL OF ISMS DOCUMENTATION.docx
SBISMS2 – CONTROL OF RECORDS.docx
SBMS1 – INTERNAL AUDIT PROCEDURE.docx
SBMS2 – CORRECTIVE ACTION, PREVENTIVE ACTION PROCEDURE.docx
SBREC2A – INTERNAL AUDIT REPORT LEAD SHEET.docx
SBREC3A – NON-CONFORMANCE REPORT.docx
SECOND BOARD MEETING AGENDA.docx
SBREC1A – INTERNAL AUDIT SCHEDULE.xlsx
SBREC4A – NON-CONFORMANCE REPORT LOG.xlsx

SECTION 4 – RISK ASSESSMENT

INFORMATION SECURITY THREAT IDENTIFICATION WORKBOOK.docx
SB4.1 – THREAT AND RISK ASSESSMENT PROCESS.docx
SB4.2 – RISK VULNERABILITY WORKSHEET.doc
SB4.3 – DETAILED THREAT AND RISK ASSESSMENT.docx
SB4.4 – ACCELERATED THREAT AND RISK ASSESSMENT.docx

RISK TOOL BONUS (Premium Only)

INFORMATION RISK ASSESSMENT METHODOLOGY.docx
RISK ANALYSIS WITH PROBABILITY.xlsx
RISK ASSESSMENT METHODOLOGY WORKBOOK.xlsx
RISK REGISTER.xlsx

SECTION 6 – ORGANIZATION

SB6.1 – INFORMATION SECURITY COMMITTEE.docx
SB6.2 – INFORMATION SECURITY CO-ORDINATION.docx
SB6.4 – AUTHORIZING NEW INFORMATION PROCESSING FACILITIES.docx
SB6.5 – CONFIDENTIALITY AGREEMENTS.docx
SB6.6 – CONTACT WITH AUTHORITIES GUIDE.docx
SB6.7 – INTERNAL INDEPENDENT REVIEW PROCEDURE.docx
SB6.8 – EXTERNAL PARTIES INFORMATION SECURITY PROCEDURE.docx
SBREC6.6A – AUTHORITIES AND KEY SUPPLIERS.docx
SBSTD6.0 – ORGANIZATION OF INFORMATION SECURITY STANDARD MANUAL.docx

SECTION 7 – ASSET MGMT

SB7.1 – INVENTORY AND OWNERSHIP OF ASSETS.docx
SB7.2 – ACCEPTABLE USE POLICY.docx
SB7.3 – INFORMATION SECURITY CLASSIFICATION GUIDELINES.docx
SBSTD7.0 – ASSET MANAGEMENT STANDARD MANUAL.docx
SB7.3A – INFORMATION ASSET CLASSIFICATION TOOL.xls
SBREC7.4 – INVENTORY OF ASSETS.xlsx

SECTION 8 – HR

SB8.1 – PERSONNEL SCREENING PROCEDURE.docx
SB8.11 – SCHEDULE OF REQUIRED HR AMENDMENTS.docx
SB8.2A – TERMINATION CHECKLIST.docx
SB8.3 – EMPLOYEE TERMINATION GUIDE.docx
SBSTD8.0 – HUMAN RESOURCE SECURITY STANDARD MANUAL.docx

SECTION 9 – PHYSICAL SECURITY

SB9.10 – EQUIPMENT SECURITY PROCEDURE.docx
SB9.11 – SECURE DISPOSAL OF STORAGE MEDIA PROCEDURE.docx
SB9.12 – REMOVAL OFF-SITE OF INFORMATION ASSETS PROCEDURE.docx
SB9.1A – INFORMATION ASSETS FOR DISPOSAL.docx
SB9.7 – PHYSICAL PERIMETER SECURITY CHECKLIST.docx
SB9.8 – PHYSICAL ENTRY CONTROLS AND SECURE AREAS PROCEDURE.docx
SB9.9 – PUBLIC ACCESS, DELIVERY AND LOADING AREAS PROCEDURE.docx
SBSTD9.0 – PHYSICAL AND ENVIRONMENTAL SECURITY STANDARD MANUAL.docx

SECTION 10 – COMMS AND OPS MGMT

SB10.1 – DOCUMENTED PROCEDURES.docx
SB10.10 – SYSTEM PLANNING AND ACCEPTANCE PROCEDURE.docx
SB10.11 – POLICY AGAINST MALICIOUS CODE (MALWARE).docx
SB10.12 – CONTROLS AGAINST MALICIOUS CODE PROCEDURE.docx
SB10.13 – BACKUP PROCEDURES.docx
SB10.14 – NETWORK CONTROLS AND SERVICES PROCEDURE.docx
SB10.15 – MEDIA AND INFORMATION HANDLING PROCEDURE.docx
SB10.16 – BUSINESS INFORMATION SYSTEMS PROCEDURE.docx
SB10.17 – E-COMMERCE AND ONLINE TRANSACTIONS PROCEDURE.docx
SB10.18 – INFORMATION SECURITY MONITORING PROCEDURE.docx
SB10.7 – CHANGE CONTROL PROCEDURE.docx
SB10.8 – ENVIRONMENT SEPARATION PROCEDURE.docx
SB10.9 – MANAGING THIRD PARTY SERVICE CONTRACTS PROCEDURE.docx
SBSTD10.0 – COMMUNICATIONS AND OPERATIONS MANAGEMENT STANDARD MANUAL.docx

SECTION 11 – ACCESS CONTROL

SB11.1 – ACCESS CONTROL POLICY.docx
SB11.10 – USE OF SYSTEM UTILITIES PROCEDURE.docx
SB11.11 – MOBILE COMPUTING SECURITY PROCEDURE.docx
SB11.12 – TELEWORKER SECURITY PROCEDURE.docx
SB11.2 – USER ACCESS MANAGEMENT PROCEDURE.docx
SB11.3 – ACCESS CONTROL RULES AND RIGHTS FOR USERS GROUPS PROCEDURE.docx
SB11.7 – NETWORK ACCESS CONTROL POLICY.docx
SB11.8 – NETWORK ACCESS CONTROL PROCEDURE.docx
SB11.9 – SECURE LOG-ON, SESSION TIME-OUT AND SENSITIVE SYSTEM ISOLATION PROCEDURE.docx
SBSTD11.0 – ACCESS CONTROL STANDARD MANUAL.docx

SECTION 12 – INFO SYSTEMS ACQ ETC

SB12.2 – CRYPTOGRAPHIC KEY MANAGEMENT PROCEDURE.docx
SB12.3 – CONTROL OF OPERATIONAL SOFTWARE PROCEDURE.docx
SB12.4 – VULNERABILITY MANAGEMENT PROCEDURE.docx
SBSTD12.0 – INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT, AND MAINTENANCE STANDARD MANUAL.docx

SECTION 13 – INCIDENT MANAGEMENT

SB13.1 – REPORTING INFORMATION SECURITY WEAKNESSES AND EVENTS PROCEDURE.docx
SB13.2 – RESPONDING TO INFORMATION SECURITY REPORTS PROCEDURE.docx
SB13.4 – COLLECTION OF EVIDENCE PROCEDURE.docx
SB13.6 – NOTIFICATION OF INFORMATION SECURITY BREACHES PROCEDURE.docx
SBSTD13.0 – INFORMATION SECURITY INCIDENT MANAGEMENT STANDARD MANUAL.docx

SECTION 14 – BCM

SB14.1 – BUSINESS CONTINUITY PLANNING PROCEDURE.docx
SB14.2 – BUSINESS CONTINUITY RISK ASSESSMENTS PROCEDURE.docx
SB14.3 – BUSINESS CONTINUITY PLAN.docx
SB14.4 – TESTING, MAINTAINING AND RE-ASSESSING BC PLANS PROCEDURE.docx
SBSTD14.0 – BUSINESS CONTINUITY MANAGEMENT STANDARD MANUAL.docx

SECTION 15 – COMPLIANCE

SB15.1 – INTELLECTUAL PROPERTY RIGHTS POLICY STATEMENT.docx
SB15.2 – RETENTION OF RECORDS PROCEDURE.docx
SB15.3 – IPR COMPLIANCE PROCEDURE.docx
SB15.4 – COMPLIANCE AND COMPLIANCE CHECKING PROCEDURE.docx
SB15.5 – SYSTEMS AUDITING PROCEDURE.docx
SB15.6 – DATA PROTECTION AND PRIVACY POLICY STATEMENT.docx
SBSTD15.0 – COMPLIANCE STANDARD MANUAL.docx

ADVANCED SECURITY MANAGEMENT TOOL BAG (Plus and Premium Only)

INFORMATION ASSET CLASSIFICATION TOOL.xlsx
ISO 17799 2005 POLICY MAPPING CHECKLIST (WITH-EXAMPLE DATA).xlsx
ISO27002 WORK PLAN – (WITH-EXAMPLE-DATA).xlsx
MASTER INFORMATION ASSET PROFILE (WITH-EXAMPLE-DATA).xlsx
PICK-AND-CHOOSE-DESIGN-PRINCIPLES.xlsx
RISK-ANALYSIS-WORKSHEET-EXAMPLE.xlsx
SELF-ASSESS TOOL (WITH-EXAMPLE-DATA).xlsx

VBA FIND AND REPLACE TOOL (Plus and Premium Only)

SECURITY BASTION FIND AND REPLACE TOOL.DOTM (Plus and Premium Only)*

INFORMATION SECURITY PROCESS PACK (Premium Only)

ACCESS-MANAGEMENT-PROCESS.docx
EQUIPMENT-REMOVAL-PROCESS.docx
EXTERNAL-CONNECTION-APPROVAL-PROCESS.docx
INCIDENT-RESPONSE-PROCESS.docx
INFORMATION-CERTIFICATION-PROCESS.docx
THREAT-AND-RISK-ASSESSMENT-PROCESS.docx
THREAT-MANAGEMENT-PROCESS.docx
VULNERABILITY-MANAGEMENT-PROCESS.docx

1. Simply sign up to our service and have instant access to a comprehensive range of security governance documentation templates, including information security policies, standards and procedures.

2. Security Bastion’s security templates have been developed by our team of information security authors, who have many years of experience developing and, more importantly, implementing information security management across a wide range of organizational types.

3. In addition, all information security templates are constantly reviewed to ensure that they are up to date with industry best practices.

4. Our information security documentation will give you complete regulatory compliance coverage, providing statements which can be easily mapped back to any compliance regulation.

5. Security Bastion services and products combine actionable wisdom and relevant implementation advice embedded in security templates that cover the full range of information security controls.

6. Security Bastion’s security templates are comprehensive and wide ranging, with hundreds of policy and standard statements covering every aspect of information security.

Download a sample template and try before you buy.
