Comments on: How Many Information Security Policies Do I Need? http://itknowledgeexchange.techtarget.com/itanswers/how-many-information-security-policies-do-i-need/ Mon, 20 May 2013 17:27:58 +0000 hourly 1 By: ntsandy http://itknowledgeexchange.techtarget.com/itanswers/how-many-information-security-policies-do-i-need/#comment-86125 ntsandy Wed, 05 Jan 2011 13:49:55 +0000 #comment-86125 Unless you have a ironclad contract in place that has acceptable SLAs in place I would make sure that I had IR and DR plans in place. You also need to have plans in place that will guide your company in the event of an issue even if the hosting provider is handling everything else. How will you continue business during their recovery period?

As for policies it depends on several factors. What industry you are in. What type of business you conduct over the internet. How you interact w/ customers. Is your web site info only or e-commerce. What regulations you are subject to. etc….

As for the SAS70 it is basically useless as a security measure. The hosting provider defines what is measured so it’s pretty hard to not pass.

]]>