Security Manual Template
Version History

Sarbanes-Oxley - GDPR - HIPAA
PCI-DSS - CobiT
ISO 27000 Compliant


Security Manual Template Version History - The Security Manual Template is typically updated every three to six months. If you subscribe to the update service, you will automatically receive all of these updates. You can maximize your investment by subscribing to our update service. With the updates you are kept abreast of the latest technological and mandated security developments. Below is a listing of the most recent updates.

Version History

2023 Edition

  • Updated to meet the latest security requirements and mandates including ISO 28000 Supply Chain Management
  • Updated all policies included to 2023 editions
  • Updated all tools to 2023 editions
  • Updated all included electronic forms
  • Updated all included job descriptions

 

2022 Edition

  • Updated and added HIPAA Audit Program in the “tools” subdirectory
  • Updated to meet the latest security requirements
  • Updated all policies included to 2022 editions
  • Updated all tools to 2022 editions
  • Updated all included electronic forms
  • Updated all included job descriptions

2021 Edition

  • Updated the Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy to highlight Ransomware gateway email threats
  • Updated to meet the latest compliance mandates including CCPA and GDPR
  • Updated to meet WFH security requirements
  • Updated all 28 included electronic forms
  • Added form
    • Work From Home Work Agreement
  • Added job descriptions
    • Data Protection Officer
    • Manager Security and Workstation
    • Manager WFH support
    • Security Architect
    • System Administrator
  • Updated job descriptions

2020 Edition

  • Updated to meet the latest compliance mandates including CCPA
  • Included job descriptions
    • Chief Security Officer (CSO)
    • Chief Compliance Officer (CCO)
  • Included Policy – Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy as a standalone item.
  • Updated all electronic forms to current versions
  • Updated all attached policies to current versions

2019 Edition

  • The entire template and all of its supporting components were reviewed and modified to meet all mandated security and privacy compliance requirements.
  • Each of the electronic forms was updated and added to a separately downloaded PDF file and set of individual electronic forms
  • Updated all of the supporting policies. The policies are now provided as separate MS WORD electronic files

2018 - 07 Editions

  • Added section to cover New California Consumer Privacy Act – Defines consumer rights and business responsibilities.
  • Changed the version numbering system for the Security Manual template

Version 12.2

  • GDPR Compliance Checklist added
  • All policies updated to meet the latest compliance requirements
  • All of the electronic forms updated

Version 12.1

  • Added full policies as separate documents in the basic download
    • Blog and Personal Website Policy
    • Mobile Device Policy
    • Physical and Virtual File Server Security Policy
    • Sensitive Information Policy - Credit Card, Social Security, Employee, and Customer Data
    • Travel and Off-Site Meeting Policy
  • Updated best practices to include lessons learned from the extended and multiple business interruptions in the late summer and early fall of 2017

Version 12.0

  • Added section on Security Information and Event Management (SIEM) - includes best practices
  • Added section on Identity Protection
  • Updated 24 included electronic forms
  • Updated mandated compliance requirements
  • Added eReader version to product offering

Version 11.3

  • Added section on 10 Best Practices for Ransomware Protection
  • Updated to meet the latest mandated compliance requirements and ISO standards
  • Added section on Practical Tips for Prevention of Security Breaches and PCI Audit Failures
  • Added section on the risk assessment process

Version 11.2

  • Added User/Customer Sensitive Information and Privacy Bill of Rights

Version 11.1

  • Added Best Practices Section
  • Added Electronic forms for:
    • Mobile Device Security and Compliance Checklist
    • Outsourcing and Cloud Security Compliance Agreement
    • Server Registration
    • Text Messaging and Sensitive Information Agreement
  • Updated Electronic Forms
  • Updated Graphics
  • Reviewed and updated to meet all mandated government and international standard requirements
  • All of the supplemental materials have been updated
    • Business Impact Analysis Questionnaire
    • SOX Compliance Checklist
    • PCI Audit Program
    • Threat Assessment and Vulnerability Tool Kit

Version 11

  • Added Firewall Requirements list
  • Added Firewall Policy Security Checklist
  • Updated to meet all ISO requirements

Version 10.3

  • Updated to reflect Cloud requirements
  • Updated to reflect new and old storage technologies
  • Updated BYOD Use Agreement Form
  • Added BYOD and Mobile Content Best of Breed Security Checklist

Version 10.2

  • Added Physical and Virtual Server Security Policy
  • Added Server Registration electronic form
  • Updated headers and footers to facilitate easier customization by user

Version 10.1

  • Added electronic forms for Threat and Assessment Process - Utilized Adobe FormCentral - FormCentral at End-of-Life as of 1/1/2018
  • Added Electronic Risk Assessment Matrix - Excel
  • Updated graphics

Version 10.0

  • Added section on FIPS 199
  • Added section on NIST SP 800-53
  • Added Electronic Forms
    • FIPS 199 Assessment Electronic Form

Version 9.2

  • Updated the Threat and Vulnerability Assessment to include mobile devices and BYODs
  • Added Electronic form
    • BYOD Access and Use Agreement

Version 9.1

  • Added Electronic form
    • Employee Termination Checklist
  • Added Best Practices Section to Meet Compliance Requirements

Version 9.0

  • Updated Sensitive Information Policy
  • Added Electronic Forms
    • Blog Policy Compliance
    • Company Asset Employee Control Log
    • Email - Employee Acknowledgment
    • Internet Access Request
    • Internet Use Approval
    • Internet & Electronic Communication - Employee Acknowledgment
    • Mobile Device Access and Use Agreement
    • New Employee Security Acknowledgment and Release
    • Preliminary Security Audit Checklist
    • Security Access Application
    • Security Audit Report
    • Security Violation Reporting
    • Sensitive Information Policy Compliance Agreement

Version 8.3

  • Added policy for mobile device access and use
  • Added Mobile Device Access and Use Agreement Form
  • Added Enterprise Owned Equipment Inventory Form
  • Updated CSS Style sheet

Version 8.2

  • Updated the Threat and Vulnerability Assessment Tool

Version 8.1

  • Added section on Best Practices When Implementing Security Policies and Procedures.
  • Added section on Skype
  • Updated Sensitive Information section
  • Added section on enterprise web site security flaws
  • Corrected minor errata

Version 8.0

  • Updated Fire Suppression Section
  • Updated for ISO compliance and security domain definition
  • Log management section expanded

Version 7.3

  • Updated Risk Assessment Business and IT Impact Questionnaire
    • Updated for COBIT compliance
    • Updated for PCI-DSS compliance
    • Updated for US state level compliance (New York, Massachusetts, and California)
    • Updated for ISO security requirements

Version 7.2

  • Updated to comply with CobiT requirements
  • Added Security Management Compliance Checklist
  • Added Massachusetts Data Protection Requirements Section
  • Added Massachusetts 201 CMR 17 Compliance Checklist

Version 7.1

  • Corrected minor errata
  • Added Employee Termination Process
  • Added Employee Termination Checklist
  • Forms Added
    • Employee Termination Form

Version 7.0

  • Updated to reflect latest PCI-DSS requirements
  • Updated the sensitive information policy section
  • Forms Updated
    • Security Violation Form
    • Inspection Checklist
    • New Employee Security Form
    • Internet & Electronic Communication - Employee Acknowledgment (short form)
    • Internet Use Approval Form
    • Internet Access Request Form
    • Security Access Application Form
  • Updated ISO 27000 Security Process Audit Checklist
  • Updated to CSS Style Sheet

Version 6.5

  • Updated Threat and Vulnerability Assessment tool to include a detailed work plan for the assessment process.
  • Updated Threat and Vulnerability Assessment tool to include a definition of the safeguards that should be included.
  • Threat and Vulnerability Assessment tool provided in PDF, WORD 2003, Word, EXCEL 2003, and EXCEL 2007 formats

Version 6.4

  • Blog & Personal Web Site Policy added
  • Replaced WORD 2003 style sheet with Word style sheet

Version 6.3

  • Best Practices Update
  • Added section with a summary of the ISO 27000 Series standards
  • Updated the template to comply with ISO 27000 Series Standards (27001 and 27002)
  • Disaster Recovery Plan Basics Section Added
  • Wireless Security Standards Added
  • Updated Business Impact and IT Questionnaire
  • Corrected various errata

Version 6.2

  • Sensitive Information Policy Updated
    • Best Practices Added
    • Wireless and VPN Added
    • Payment Card Industry Data Security Standard Added
    • Added separate document PCI DSS Audit Program
  • Internet and E-mail Communication Updated
    • E-mail Forwarding Added
  • Travel, Laptop, PDA, and Off-Site Meetings Updated
    • Laptop and PDA Security Added
    • Wireless and VPN Added

Version 6.1

  • Added HIPAA Audit Program Guide
  • Added ISO 17799 Security Audit Checklist

Version 6.0

  • Added section defining ISO 17799 requirements
  • Modified entire template to be ISO 17799 compliant
  • Added Best Data Deletion and Retention Practices
  • Added Spyware Best Practices and Removal
  • Provided two versions of the documents - MS WORD
  • New Forms
    • Internet Use Approval Form
    • Internet Access Request Form
  • Updated forms
    • Internet Usage Policy - Employee Acknowledgment (short form)
    • E-mail Usage Policy - Employee Acknowledgment (short form)

Version 5.1

  • New section on Internet, e-mail, and Electronic Communication
  • New forms
    • Internet Usage Policy - Employee Acknowledgment
    • E-mail Usage Policy - Employee Acknowledgment

Version 5.0

  • New section on Sensitive Information
  • New forms
    • Checklist For Separating Employees
    • Supervisor Checklist For Separating Employees

Version 4.1

  • New section on lost equipment
  • New section on termination process
    • Deciding whether to fire
    • Carrying out the firing decision
  • New attached Excel spreadsheet with internal controls checklist for Sarbanes-Oxley section 404 compliance

Version 4.0

  • New section on travel and off-site meetings
  • Updated Inspection Check List Form
