Skip to main content

Articles

What to Include in Your Company’s ISP

Date

February 16, 2022

Read Time

1 minute

Share


All companies, regardless of size, should have an ISP, or Information Security Program. Because an ISP is designed to mitigate the risk of an information security breach and meet compliance with regulatory requirements, a company’s ISP should focus on creating policies and procedures relating to the following: (1) data governance and classification; (2) access controls; (3) capacity and performance planning; (4) systems and network security; (5) systems and network monitoring; (6) systems and application development; (7) physical security and environmental controls; (8) risk assessment; (9) incident response; and (10) personnel training.

Click here to read more of Lisa Vandesteeg’s article for BigTime Marketing, including a checklist designed to help you create an ISP that meets the needs of your business.


Filed under: Financial Services & Restructuring

May 21, 2025

PEB Commentary Casts Doubt on Incorporation-by-Reference Approach to UCC-1 Collateral Descriptions

Read More

May 14, 2025

Finding Opportunity in Uncertainty: A Cross-Disciplinary Look at Distressed-Asset Transactions

Read More