Falcon IT Services Security Policies
IT policies and procedures are intended to keep companies, their employees, and their clients safe. Employers should have these included in the IT section of their employee training manuals and/or onboarding documentation. If you wish to add these policies to your employee manual, please contact us to receive a copy/paste version that you can easily integrate into your own documents. Below you will find our own set of recommended policies which are partially derived from NIST (National Institute of Standards) best practices.
The advisory level policies are optional, but recommended for businesses that wish to implement robust security. The required are baseline level policies are intended to be used as a minimum set of guidelines that we require our clients to adhere to. You may opt out of the required security policy requirements by signing an indemnification waiver.
Depending on your industry and the type of data that you work with, there may be additional policies that you may need to implement. Additional security may be required to be compliant with HIPAA, FISMA and other regulatory mandates as well as with CTPAT, PCI and other industry specific security frameworks.
We understand that companies and the individuals within them have unique needs, therefore our baseline policies are not absolute. We have a review process for policy exception requests. Our objective is not to define precisely how hardware, software, processes and procedures are implemented, but rather to make sure that implementations are compliant with current IT security best practices.