Why Information Security Policies and Procedures?

Information Security Policies and Procedures (ISPP) communicate management intent on information security requirements and provide consistent guidance to your IT team and users. It demonstrates your commitment to information security and also provides assurance to your auditors.

How can Turnkey help?

Turnkey provides assistance in developing and documenting ISPP. Apart from ISPP, we also assist you in documenting information security guidelines/ baselines/ standards for various technology components such as operating systems, database, routers, firewalls, network, etc.

Turnkey ISPP Suite

Turnkey assists you in developing an ISPP, which is technology independent, practical and implementable, flexible to accommodate changes in business requirements and growth and enforceable at all levels of your organization. The ISPP will address your management’s intent, security objectives and map these to overall business objectives.

Turnkey offers an ISPP, which aims to achieve a balance between business risks and benefits through a structured framework incorporating People, Process and Technology.

info-security-policies01.jpgOur ISPP is also aligned to industry standards such as ISO27001.

Turnkey follows a structured phase-wise approach, which consists of three phases:


  • Threats assessment – identify security concerns inherent to your IT systems
  • Business requirements analysis – identifies security controls relevant to your business and considers your organization culture, industry requirements, regulatory/ compliance requirements, etc.
  • ISPP development

Other services

We also assist you in running and managing information security awareness programs. This includes development of awareness materials such as training slides, posters, email communications, competitions, CBT, quiz, interactive programs, etc.