This assignment gives you an opportunity to create a security and control policy for a small company.
You manage a small consulting firm that uses a number of external sub-contractors to help with various consulting projects. These sub-contractors are not direct employees but they must be able to access your computer systems in order to complete their work.
In order to safeguard your systems and data, you have decided to put together a policy document for sub-contractors that details your expectations and requirements for contactors working with you.
Your report should be in Microsoft Word. Prepare a report with three sections formatted as a policy document. Check for examples online to see what a policy document should look like. Please format your report professionally and submit it to the Assignments folder before the due date.
Part A: Purpose/Rationale
Explain the rationale behind the policies, procedures and standards that you will cover in this policy document. This section should lay the foundation for why security is so important.
Part B: Policies and Procedures
Articulate your policies in this section. Each policy should have a reference number and state exactly what your expectations are. Try to order/group your policies logically.
Consider all possible scenarios. For example, what types of devices will the policy cover? What kinds of security are mandatory? Who is in charge? Where does data reside?
Part C: Consequences
Clearly explain what will happen if sub-contractors fail to follow your policies and how you will hold them accountable. For example, will you withhold payment, pursue financial claims, etc.
Remember, this policy document pertains to subcontractors only. There is no need to include policies for other groups (i.e. employees, customers, etc.).