
About compliIT Packages

compliIT offers three packages to choose from based on your business needs. The Basic package provides the minimum baseline security policies for any organization. Whether to move up to the Moderate or Advanced package depends primarily on your organization's regulatory and compliance requirements, or on whether you specialize in software development. Single policies to add to your current policy suite are also available.

Select Package

Basic Policy Package

The basic risk policy package includes the core cybersecurity policies and supporting standards. This package is recommended for SMBs that are looking to meet a baseline level of security for their organization.

This includes 15 customizable documents.

* Information Security Policy

* Privacy Policy

* AI and Acceptable Use Policy

* Security Awareness and Training Policy

* 12 supporting Standards

$49.99

Moderate Policy Package

The Moderate risk policy package is for those looking to add further security to their organization. It includes all policies and standards in the Basic package, plus additional policies and standards to achieve a higher level of security, for a total of 25 customizable documents.

* One additional Standard

* Nine additional Policies

$129.99

Advanced Policy Package

This is our full suite of policies and standards. It is recommended for organizations that wish to implement all security policies and standards, such as those that manage critical infrastructure, work with the Federal government, or operate in high-risk industries (e.g., education, financial services, and healthcare).

This package includes all policies and standards in the Moderate package, plus the following, for a total of 32 customizable documents.

* Two additional Standards

* Five additional Policies

$169.99

Package Contents

Basic Package

* Information Security Policy: The overarching information security policy that defines all aspects of an organization's security implementation.

* Account Management / Access Control: Establishes the rules and processes for creating, maintaining and controlling the access of a digital identity to an entity's applications and resources, in order to protect its systems and information.

* Cyber Incident Response Standard: Outlines the general steps for responding to computer security incidents.

* Information Classification Standard: Defines how the organization classifies its systems and data (for example confidential, internal, and public) so that the correct controls can be put in place based on the classification.

* Information Security Risk Management Standard: Provides a risk management framework to evaluate current security posture, identify gaps, and determine appropriate actions.

* Patch Management Standard: Relates specifically to vulnerabilities that can be addressed by a software or firmware update (patch) and applies to all software used on the entity's systems.

* Remote Access Standard: Establishes authorized methods for remotely accessing resources and services securely.

* Mobile Device Security Standard: Outlines the additional protections required for the use of mobile devices.

* Secure Configuration Management: Establishes baseline configurations for information systems that are owned and/or operated by the entity. Effective implementation of this standard will maximize security and minimize the potential risk of unauthorized access to information and technology.

* Security Awareness and Training Policy: Standard policy for the implementation and management of a security awareness program, for general purposes or to meet compliance requirements.

Moderate Package (everything in the Basic Package, plus the following)

* Vulnerability Scanning Standard: Requires that all systems be scanned for vulnerabilities. In addition, each system must be inventoried and have an individual or group assigned responsibility for its maintenance and administration.

* Privacy Policy (Standard): Defines how an organization collects, uses, and shares personal information, and the data handling practices that keep it in compliance with privacy laws.

* Sanitization Secure Disposal Standard: Information systems capture, process, and store information using a wide variety of media, including paper. This information is located not only on the intended storage media but also on devices used to create, process, or transmit it. These media may require special disposition in order to mitigate the risk of unauthorized disclosure of information and to ensure its confidentiality.

* Acceptable Use Standard: Identifies the acceptable use of information technologies for an organization, including the specific hardware and software, and their requisite versions, that are acceptable for use.

* Access Control Policy: Ensures that access controls are implemented in compliance with IT security policies, standards, and procedures.

* Contingency Planning Policy: Ensures the organization is prepared for unexpected events or disruptions so that it can respond quickly and effectively, minimizing negative consequences and downtime, and that Information Technology (IT) resources and information systems remain available during a disruption of services.

* Identification and Authentication Policy: Ensures that only properly identified and authenticated users and devices are granted access to information technology resources, in compliance with IT policies, standards, and procedures.

* Incident Response Policy: Defines the organization's responsibility in responding to security threats affecting the confidentiality, integrity, and/or availability of information technology (IT) resources, and ensures that IT properly identifies, contains, investigates, remedies, reports, and responds to computer security incidents.

* Personnel Security Policy: Ensures that personnel security safeguards are applied to the access and use of information technology resources and data.

* Physical and Environmental Protection Policy: Ensures that Information Technology (IT) resources are protected by physical and environmental security measures that prevent physical tampering, damage, theft, or unauthorized physical access.

* Secure Logging Standard: Defines requirements for security log generation, management, storage, disposal, access, and use.

* AI Acceptable Use Policy: Outlines the unique risks of generative AI (GenAI), provides guidance for employees' acceptable use of these tools, and protects the confidentiality of sensitive data, trade secrets, intellectual property, and brand reputation. The principles of this policy are grounded in fairness, accountability, transparency, privacy, and security.

Advanced Package (everything in the Moderate Package, plus the following)

* System and Information Integrity Policy: Ensures that Information Technology (IT) resources and information systems are established with system integrity monitoring, covering areas of concern such as malware, application and source code flaws, industry-supplied alerts, and remediation of detected or disclosed integrity issues.

* Authentication Tokens Standard: Lists the authentication tokens that may be used with systems developed or operated that require authenticated access, depending on the Authenticator Assurance Level (AAL), and provides the requirements for management of those authentication devices.

* Encryption Standard: Encryption is a cryptographic operation used to enhance security and protect electronic data ("data") by transforming readable information ("plaintext") into unintelligible information ("ciphertext"). Encryption is an effective tool in mitigating the threat of unauthorized access to data.

* Information Systems Maintenance Policy: Defines how IT assets, systems, and software are updated, patched, and repaired to ensure their security, stability, and reliability.

* Media Protection Policy: Ensures that Information Technology (IT) controls access to and disposes of media resources in compliance with IT security policies, standards, and procedures.

* Security Auditing Policy

* System Security Policy: Ensures that Information Technology (IT) resources and information systems are established with effective security controls and control enhancements that reflect applicable federal and state laws, Executive Orders, directives, regulations, policies, standards, and guidance.

* Secure Coding Standard: Ensures that code written is resilient to high-risk threats and avoids the most common coding errors that create serious vulnerabilities in software. This standard can be purchased individually.

* Secure System Development Life Cycle Standard: Defines the security requirements that must be considered and addressed within every SDLC. This standard can be purchased individually.

* Regulatory-Specific Add-Ons (HIPAA, PCI, GDPR): We will work with your company to create regulation-specific policy add-ons covering GDPR, PCI-DSS, HIPAA, and other regulatory frameworks.

* Security Assessment and Authorization Policy: Ensures audit of security controls in information systems, and the environments in which those systems operate, as part of initial and ongoing security authorizations, annual assessments, continuous monitoring, and system development life cycle activities.

Individual Policies

Select A Single Policy 
