Written Policies

How PC360 Helps Your Club Formulate an Effective Written Information Security Program (WISP)

InteProIQ Private Clubs 360 provides much more than an InfoSec employee training program. We also help your club initiate a comprehensive Written Information Security Program (WISP). A WISP is the foundation for strong information security at your club. It is designed to do the following:

  • Ensure the security and confidentiality of Member and Employee Information;
  • Protect against anticipated and/or unanticipated threats to the integrity of such information; and
  • Protect against unauthorized access of information that could result in substantial harm or reputational damage to any member, employee or the club.

An effective WISP includes the following elements:

  1. Information Security Training Program – for all employees with access to sensitive club member and/or employee information. Our online curriculum provides the comprehensive training needed to help reduce your club’s risk of a security breach.
  2. Risk Assessment Tool – used to assess and document any potential areas of risk throughout your club’s operations. We provide you with a comprehensive Microsoft® Excel-based tool that guides you through the risk assessment and documentation of identified risks.
  3. Information Security Written Policies – embodies all policies related to the management and protection of sensitive member, employee and club information. We provide you with a comprehensive (64 pages) Microsoft® Word-based tool that helps you document your club’s specific information security policies.
Featured Written Policies:
Third-party Security Management policy
Information Exchange policy
Information Risk Management policy
Bring Your Own Device policy
Information Classification policy
Information Disposal policy
Information Handling policy
Acceptable Use policy
Security Awareness, Training and Education policy
Physical Security policy
Configuration and Change Management policy
E-mail and Messaging Security policy
 
Log Management and Monitoring policy
Malicious Code Protection policy
Mobile Device Security policy
Network Security Management policy
Remote Access policy
Telecommuting Security policy
Access Control policy
Password Management policy
Information Security Incident Reporting and Response policy
Business Continuity Management policy
Data Backup and Recovery policy