A well-written corporate security policy is the foundation of a solid security program. The security policy lays out objectives, assigns various responsibilities, and provides direction to protect your organization’s critical information. Furthermore, most industry regulations and compliance mandates require a security policy be in place and contain a variety of critical security elements.

Contact Us for More Information
Security Policy


To ensure the rapid delivery and consistent quality of the Security Policy Review solution we will follow these steps:

  1. Information Gathering
    • The process begins when a customer officially engaging Blue Lance and starts with a questionnaire and a ‘Getting Started Guide.’ The customer will designate points of contact and the project manager will work with the customer to develop a schedule of events for conducting the assessment.
  2. Document Request and Review
    • During the security policy review engagement we will conduct a thorough review of current documentation relevant to your organization’s security policy. This may include the following:
      • Current, draft, or proposed security policies or procedures.
      • Configuration standards.
      • Vendor configuration guidance documents.
      • Regulatory documentation.
      • Formal or Informal emails or memos sent to personnel that describe a policy position that has not been documented in a formal policy.
      • Documents that contain Information Security instruction or policy statements available only as hard copy.
      • Documentation that has been created specifically to meet industry regulations or compliance mandates.
      • Sample of contracts used for the engagement of contractors and third parties.
      • Sample of confidentiality agreements or non-disclosure agreements required for employees, and third-party staff.
      • Documentation containing job descriptions and relevant security responsibilities outlined.
      • Standard contract used by the company to engage any third party information security processing facility.
  3. Interviews
    • We may conduct a series of corroborating interviews with your organization’s relevant personnel. The interviews are conducted to ensure the inclusion of cross-functional groups’ requirements within the organization.


  • A policy that ensures that organization’s security policy confirms to the required industry standards and compliance mandates.
  • Recommendations to help your company build better organized and formal security program that will conform to industry best practice by following legal and regulatory strictures.
  • Policy Evaluation Recommendation.


  • Policy Evaluation Recommendation.