Security Policy Review.png


Cyber-attacks can be incredibly disruptive to your business, this includes financial information, classified documents, employee data and customer information being exposed online for all to see. A common misconception is that cybercriminals focus on larger organisations, however in reality any company that works online or sells online is a potential victim.

A business’s cyber security policy is key in minimising these threats posed by cybercrime. The policy helps clearly outline the guidelines for a business’s physical and digital cyber security.

A cyber security policy should be easy for the whole business to follow and for senior managers to enforce. Each policy can be tiered to support the needs and size of the business in question.

Our Cyber Security Policy review will dive into your current security policy, looking at how it is written and how it is implemented. We use key elements of the international information security management systems standard, ‘ISO/IEC 27001:2013’ as a model for security policy reviews to identify any gaps, and to ensure that policy, procedure and technical controls implemented by your organisation are based on coherent risk management. 

The policy should not be seen as a static document that you write once and only look at when it’s reviewed on an annual basis. It should be a live document that constantly changes as IT, network, and data security threats evolve and company changes occur.


It should clearly outline the guidelines for transferring company data, accessing private systems and devices, and using company-issued devices.