Although SpotIT cannot issue you with an ISO 27001 certificate, we do have ISO 27001-certified engineers who can help you prepare for an ISO audit. We believe security policies should be more pragmatic: rather than another book on your shelf, what you need is a policy that really improves the security of your information.
That’s why SpotIT uses a combination of the COBIT (Control Objectives for Information and Related Technologies) framework and legally required standards (ISO, SOX, NIST, etc.), as well as plenty of common sense, to create a tailored security policy for our customers that is achievable and offers real added value. Moreover, COBIT allows us to compare the information security maturity in your organization with industry averages and your own goals, so that we can draw up an Information Security Action Plan (ISAP) to raise your organization’s level of information security maturity.
This ISAP is combined with your legally required standards to create a Written Information Security Plan (WISP). Not only does the WISP contain your security policies, but it also helps your end users comply with these policies by providing all the information they need in one document, including examples that help them understand the security policies, templates for reporting information security incidents, and so on.