IT policies & frameworks
audit-ready policies aligned to recognised frameworks
Nobody starts a business dreaming about IT policies. But they matter. Whether it's proving to a client that you take data seriously, meeting the requirements of Cyber Essentials, working towards ISO certification or simply making sure your team knows what's expected when it comes to technology, having the right policies in place protects your business. They're also increasingly a requirement for winning public sector and government contracts, where demonstrating compliance with standards like ISO 27001, ISO 9001 and ISO 20000 can be the difference between getting through the door and being ruled out at tender stage.
I write clear, practical policies tailored to how your business works and designed to meet the standards that auditors, clients and procurement teams expect to see.
I hold CISM, CGEIT, ISO 27001 and ITIL 4 certifications and have spent years writing, implementing and auditing IT policies across organisations of all sizes.
business essentials
The core policies every business should have in place.
- Acceptable Use Policy
- BYOD (Bring Your Own Device) Policy
- Password & Authentication Policy
- Data Protection & Privacy Policy
- Backup & Disaster Recovery Policy
- Email & Communication Policy
- Remote Working Policy
- Joiner, Mover, Leaver (JML) Procedures
service management & compliance
For organisations working towards ISO certification, pursuing government contracts or building a formal IT governance framework.
- Information Security Policy
- Change Management Policy
- Incident Management Policy
- Problem Management Policy
- Configuration Management Policy
- Release Management Policy
- Service Level Management Policy
- Capacity Management Policy
- Availability Management Policy
- Supplier Management Policy
- Business Relationship Management Policy
how every policy is structured
Each policy is built with the components that auditors and certification bodies expect to see.
- Purpose and objectives
- Scope
- Roles and responsibilities
- Policy statements
- Related procedures
- Compliance requirements
- Review schedules
framework alignment
Policies can be written to align with any of the following frameworks, depending on your requirements.
- ISO 27001 / 27002 (Information Security)
- ISO 9001 (Quality Management)
- ISO 20000 (IT Service Management)
- NIST Cybersecurity Framework
- SOC 2 (Service Organisation Controls)
- Cyber Essentials / Cyber Essentials Plus
pricing
- Individual policies from £300 each
- Policy bundles available at reduced rates
- Annual review and updates available