Does this apply to my business? Yes. If you have 2 or more employees then this Information Security Policy Manual (ISPM) is applicable. The scope of this information security policy manual does not get into industry-specific regulations outside of the PCI DSS, HIPAA, SOX, GLBA, SEC, and FACTA. Additional customization is available for an additional fee (based on labor).
Why is there only one version of the Information Security Policy Manual (ISPM)? As a Certified Information Systems Security Professional (CISSP), the author used his experience and the ISO 17799 guidelines to create a comprehensive policy manual for small and medium businesses. Standards are standards for a reason. If you "save money" on a lesser solution, you get what you pay for. Our goal is to provide a solution that meets what businesses face today and what they can expect to face in the future.
What do I get when I buy an ISPM? A professionally written Information Security Policy Manual (ISPM) that covers 37 specific topics of immediate concern to all small and medium businesses (SMBs). Your logo will be featured on the cover of the manual and your company name will be embedded throughout the document. The format provided to customers is a Portable Document Format (PDF), so it can be used by all compatible operating systems and can be printed out as needed. If you need the ability to edit the document, you can obtain the ISPM in Microsoft Word 2003 format.
What forms of payment do you accept? All major credit and debit cards are accepted. We currently accept secure online payments through Google Checkout, but we can send a PayPal invoice upon request. Both Google Checkout and PayPal use strong SSL encryption to secure transactions. iSecurityPolicy.com staff does not have access to, and does not retain, your credit card information. All credit card transactions are outsourced to Google Checkout or PayPal, which are PCI DSS compliant and secure payment gateways.
Will the Information Security Policy Manual (ISPM) have your logo or mine? If you have a logo, have it ready at the time of purchase since you will be prompted to upload it. The cover page of the ISPM will have your company's logo prominently displayed. The rest of the document will have your company name throughout, so anyone reading the document will get the feel the ISPM was custom created and tailored to your company.
What if I do not have a logo? You can have the manual printed without a logo if you do not currently have one or if you wish to leave the logo off the cover page.
What do I need to provide? We require a high-resolution company logo file (JPG, GIF or BMP), your company’s official name, and your company’s common name. You will be prompted to upload this information prior to payment and will be able to proof the cover page before finalizing the purchase.
Official Name (examples)                      Common Name (examples)
Beaverton Metropolitan Chamber of Commerce    Beaverton Chamber
City of Beaver Springs                        COBS
Sonoma Technology Consulting, LLC.            SonomaTech
Can I get the policy manual with additional customization? Yes. There is added cost involved due to labor incurred, but we can customize to meet your specific requirements. The ISPM was developed to meet the need of virtually all small and medium businesses, so it is unlikely additional customization is required. If you want to add your own customization to the document, you should purchase the Microsoft Word version, instead of the default PDF version.
My company currently accepts credit cards. What do I need to do to become PCI DSS compliant? Only by completing these four steps will you be compliant with the PCI DSS.
Step 1: Purchase an Information Security Policy Manual (ISPM)
Step 2: Implement the ISPM to meet PCI DSS requirements 1 through 12
Step 3: Complete the annual Self Assessment Questionnaire (SAQ), based on merchant type
Step 4: Purchase a HackerView vulnerability assessment in order to meet the quarterly audit requirement
You need to meet ALL the requirements of the PCI DSS (e.g. purchase & implement the ISPM), perform the annual SAQ, AND perform a quarterly network scan in order to be considered PCI DSS compliant.
What happens if my business is not PCI DSS compliant? You will be in breach of contract - read your merchant service contract.
Some Merchant Service Providers (MSPs) charge a monthly fine for non-compliance. These MSPs will tack charges onto merchants’ monthly statements until the merchant provides documentation of compliance. The MSP can charge these fines because you signed the merchant service contract with them, giving them the power to do so.
For most merchants, it is an “ignorance is bliss” scenario until something goes wrong. When a fraudulent charge or data breach occurs, the merchant will be held liable for:
- the costs of replacing of compromised credit cards,
- notification costs,
- lawsuits,
- forensic examination of your network,
- and if you are still in business after everything is said and done, you will be elevated to a Level 1 merchant, which significantly enhances the costs and requirements to accept credit cards.
If you are a Small to Medium Business (SMB), your likely outcome is bankruptcy, since insurance will not cover your non-compliance expenses. With that in mind, the cost of the Information Security Policy Manual (ISPM) or PCI DSS Policy Manual (PDPM) is immensely affordable.
Is this software or a subscription service? No. The Information Security Policy Manual (ISPM) is a one-time purchase and no software needs to be installed. The ISPM is delivered via e-mail as a PDF attachment, which can be viewed on Windows, Mac, or Linux systems.
Can I get a Microsoft Word version instead of PDF? Yes. You have the option to select PDF or Microsoft Word 2003. The Microsoft Word version is only necessary if you want to make additional changes. Most users will only need the PDF version, since it is already customized to your company.
How is your policy manual different from the free templates I can find on the Internet? The ISPM is customized specifically for your company, as if you employed an Information Security professional to write a set of policies for your company in-house. With a lot of template sites, options are given to pick and choose policies. Realistically, unless you are trained in Information Security and legitimately know what components are required to meet compliance minimums with a law or regulation, you are assuming a significant liability. Without expertise, it is a situation of “the blind leading the blind” in selecting and implementing policies.
The expertise that has been drawn upon for the ISPM covers over three decades of experience in mitigating risk from technical, operational, and physical threats. You are buying expertise. With a lot of lesser options on the Internet, you get what you pay for - it is as simple as that. When it comes to the liability facing your company, it would be careless to rely on amateur solutions. You use a CPA for your finances. You see a doctor for your medical care. Why would you rely on an unprofessional solution for your Information Security needs?
How do I implement the policies once I buy the ISPM? Click here for a visual explanation of how simple it is to implement Information Security policies.
Note - Administrative changes require management to publish and enforce the new standards within the ISPM, such as employee training or disciplining employees who violate regulations. Your current IT provider will be able to use the Information Security Policy Manual (ISPM) as a "road map" to make any necessary corrections to your network, in regards to technical changes (e.g. upgrading hardware or implementing group policies).
How can I justify the price? The Information Security Policy Manual (ISPM) and PCI DSS Policy Manual (PDPM) cost a fraction of a comparable product produced by an on-site consultant. The cost of an ISPM through iSecurityPolicy.com is approximately 1/10th the expense of hiring an Information Security consultant to custom-build the same policies, procedures, standards, and guidelines you can buy through our website.
In comparison, the Information Security Policy Manual is less expensive than the following:
- Average business-class router
- 3 hours of a security consultant’s time (estimate 20-30 hours for an on-site solution)
- 2 hours of a lawyer’s time to assist in a disciplinary action when an employee counters that he/she was never informed of any restrictions or prohibitions that would lead to employee termination or discipline
- Cleanup following a malware infection
- Loss of business prestige from being compromised
The thoroughness of the ISPM and PDPM is without rival for the cost.
What is the refund policy? Due to the intellectual property nature of the Information Security Policy Manual (ISPM) and HackerView, we do not offer refunds. No refund of payment will be made once the product has been issued. The author is a CISSP, MCSE, MBA and former military officer, so the quality of the work is equivalent to what is found in a Fortune 500 (enterprise class) environment. The solutions provided by iSecurityPolicy.com are based on industry-recognized best practices and standards.
How quickly can I receive my manual? Turnaround time is generally 1-2 business days. Upon completing the online transaction, you will receive a confirmation e-mail. The completed product will be delivered to the e-mail address used to register at the time of purchase.
What expertise is relied upon for this Information Security Policy Manual? The lead author is a Certified Information Systems Security Professional (CISSP), Microsoft Certified Systems Engineer (MCSE), and former military officer with over 14 years of Information Security experience. CISSPs must follow a strict code of ethics from the (ISC)2:
- Protect society, the commonwealth, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.