Re: Information Security Standard Operating Procedures

[William Custer <custerwl () MUOHIO EDU>]

Kevin,

We have informal procedures that have evolved over the years and are
partially documented in our Knowledge Base System maintained primarily by
the Support Desk.  We recently set a goal to document the top 20 in the
course of 3 months, by this Dec 31.   After that another 20 etc.  An
advisory group contributed to the list.

In cases where you have good informal procedures, I would document and
tighten them up myself.  In cases where you have no procedures, I would
look for models elsewhere.  The Model Policy Sub-committee is always
looking for examples of policy and procedures and monitors this list for
good material.


At 04:43 PM 11/14/2006, you wrote:
> Hi Everyone:
>
> Have any of you gone through the process of creating Standard Operating
> Procedures (SOPs) for your Information Security System?  If so did you use
> pre-purchased templates or create your own?  Do you have any suggestions
> or guidance on how we would best start this process at the University of
> Cincinnati?
>
> -Kevin
>
>
>
> Kevin L. McLaughlin
>
> CISM, CISSP, PMP, ITIL Master Certified
>
> Director, Information Security
>
> University of Cincinnati
>
> 513-556-9177 (w)
>
> 513-703-3211 (m)
>
> mclaugkl () ucmail uc edu
>
>
>
>
> []
>
>
> CONFIDENTIALITY NOTICE: This e-mail message and its content is
> confidential, intended solely for the addressee, and may be legally
> privileged. Access to this message and its content by any individual or
> entity other than those identified in this message is unauthorized. If you
> are not the intended recipient, any disclosure, copying or distribution of
> this e-mail may be unlawful. Any action taken or omitted due to the
> content of this message is prohibited and may be unlawful.

Attachment: 4fce1c9.jpg
Description: