Anyone interested in an ISO17799-Aligned Set of IT/Information Security P&P’s – Great Rational Starter Kit for a Security Program!

August 22nd, 2007

I have spent a lot of time, sweat and tears in prior lives chipping away at building a template set of IT/Information Security policies and procedures that were aligned to (and audited against) various regulatory requirements and the 10 Domains/127 Controls of ISO17799.

This consolidated set of P&P’s is intact and well written.  Actual business people have been able to read, understand and (gasp!) comply with them.  I know, "impossible!" you say.  Nay, ’tis rational is all…

As part of my effort to give back, I thought that many of you may be at a point where, while you have lots of P&P’s specific to your business, not having to reinvent the wheel by drafting this sort of polished package yourself or paying someone to do it might be useful.

The P&P’s are a complete package that outlines, at a high level, the basis of an ISO-aligned security program; you could basically search/replace and be good to go for what amounts to 99% of the basic security coverage you’d need to address most elements of a well-stocked security pantry.

You can use this "English" high-level summary set to point to indexed detailed P&P mechanics or standards that are specific to your organization.

Would this be of some use to you?  I would need to do some work to take care of some rough spots and sanitize the Word doc, but if there is enough interest I’ll do it and post it for whomsoever would like it.  Just to be clear, the P&P’s are already written, I’ll just make it SEARCH/REPLACE friendly.

I’m not trying to tease anyone, I just don’t want to do the up-front work if nobody is interested.

Let me know in the comments; no need to leave website links (for obvious reasons) just let me know by your comment if this is something you’d like.  If I get enough demand, I’ll "get her done!"

OK, good enough.  Thanks for the comments.  I’ll post it up in the next few days.  Thanks guys.


  1. August 22nd, 2007 at 17:40 | #1

    I am curious to see it …

  2. Eskimoke
    August 22nd, 2007 at 18:04 | #2

    Me, me, me!
    I would definitely like to see what you are working on. Thanks in advance for puttin' in the time.

  3. August 22nd, 2007 at 18:30 | #3

    hell yeah!

  4. Kyle C. Quest
    August 22nd, 2007 at 19:42 | #4

    Two thumbs up 🙂 It will make a lot of lives easier.

  5. August 22nd, 2007 at 20:04 | #5

    Oh! Oh! OHHH!!! *waves hand, Horshack-like*

  6. Walter Werner
    August 22nd, 2007 at 23:50 | #6

    Definitely. I'm right in the middle of such a process myself…

  7. mr c
    August 23rd, 2007 at 00:41 | #7

    Defo. I am just starting the process myself…

  8. lmorair
    August 23rd, 2007 at 00:46 | #8

    One more please! It is always good to collect such important and valuable docs when beginning.
    Many Thanks!

  9. mokum von Amsterdam
    August 23rd, 2007 at 00:52 | #9

    Most certainly.

  10. David
    August 23rd, 2007 at 02:39 | #10

    I'd love to take a look.

  11. Arthur
    August 23rd, 2007 at 03:56 | #11

    You know it….

  12. August 23rd, 2007 at 05:04 | #12

    I would love to see it.

  13. August 23rd, 2007 at 05:10 | #13

    Posting those would be a tremendously helpful and unselfish act. What a great way to benefit the community!
    I would be very interested in taking a look through them.
