Information Technology PolicyPro®

Understanding and managing IT risks, like network and data security, spam, marketing communications, and employees’ use of personal devices for work, is more essential than ever in today’s business and technology environments.

Information Technology PolicyPro (ITPP) provides a practical and effective way of designing, implementing and reviewing controls over your IT in the context of your overall business strategy.

ITPP helps you:

  • Understand, assess and address the risk from technologies in the workplace
  • Develop, implement, distribute and maintain technology-related policies
  • Manage IT and security resources, including networks, websites, confidential information, work devices and communications
  • Streamline acquisition and deployment of IT
  • Loose-leaf and software formats
  • Four updates a year
  • One-year subscription: $775
  • Annual renewal: $465

Co-published by:

Information Technology PolicyPro is co-published by CPA Canada and First Reference

Practical

The resource is designed to make it a relatively simple process for any size business to adopt policies and procedures for IT risk management. Choose from over 95 sample policies and procedures that can be adopted in their entirety or can be easily customized in Microsoft Word® to address the unique aspects of your business.

Authoritative

ITPP is co-published with The Chartered Professional Accountants of Canada (CPA Canada), written by Jeffrey D. Sherman, Bcomm, MBA, CIM, FCPA, FCA, and edited by Apolone Gentles, JD, CPA, CGA, FCCA. The resource is the only policy-development service based on Canadian compliance and best practice. The policies and procedures are tied to the most authoritative IT control frameworks, the Information Technology Control Guidelines (ITCG) and the Control Objectives for Information and Related Technology (CobiT).

Current

Updated four times a year, the resource contains the most current information and sample policies and procedures.

About Information Technology PolicyPro

Loose-leaf

Volume I

Introduction

Control Objectives and Techniques

Chapter 1.00 - Planning

  • 1.01 Strategic Planning
  • 1.02 Tactical Planning
  • 1.03 Implementation Planning
  • 1.04 Site Planning
  • 1.05 Risk Assessment
  • 1.06 Risk Management

Chapter 2.00 - Systems Acquisition, Maintenance and Disposal

  • 2.01 Accountability for Systems
  • 2.02 Systems Acquisition
  • 2.03 Recording IT Assets
  • 2.04 System Setup
  • 2.05 Warranties and Support
  • 2.06 Maintenance
  • 2.07 Disposal of Hardware

Chapter 3.00 - Software Acquisition, Implementation and Maintenance

  • 3.01 Standard Applications
  • 3.02 Application Development and Implementation
  • 3.03 Non-standard Software
  • 3.04 Standard Application Fixes
  • 3.05 Licenses
  • 3.06 Software Downloading

Chapter 4.00 - Systems Management

  • 4.01 Computer Naming System Conventions
  • 4.02 Role-based User Management
  • 4.03 Internet Access
  • 4.04 Downloading

Chapter 5.00 - Data Management

  • 5.01 Data Processing Integrity and Validation
  • 5.02 Data Backup and Storage
  • 5.03 Management of Third Party Services
  • 5.04 Database Management
  • 5.05 Customer Relationship Management Data
  • 5.06 Records Retention

Chapter 6.00 - Computing Operations and Support

  • 6.01 Configuration and Systems Management
  • 6.02 Access Administration
  • 6.03 System Availability
  • 6.04 Service Levels
  • 6.05 Operations and Scheduling
  • 6.06 Performance and Capacity Management
  • 6.07 Corporate Website
  • 6.08 Company Intranet
  • 6.09 Cost Allocation
  • 6.10 Problems and Incident Management

Chapter 7.00 - Monitoring and Evaluation

  • 7.01 IT Effectiveness Reviews
  • 7.02 Logging Controls
  • 7.03 Internal Audits
  • 7.04 Performance and Capacity Reviews
  • 7.05 Security Reviews
  • 7.06 Software Audit

Volume II

Chapter 8.00 - Physical and Systems Security

  • 8.01 Physical and Infrastructure Security
  • 8.02 Systems Security
  • 8.03 User Identification and Passwords
  • 8.04 Confidentiality and Privacy
  • 8.05 Controls for Viruses, Worms and Malware

Chapter 9.00 - Data Security

  • 9.01 Data Ownership
  • 9.02 Data Classification
  • 9.03 Data Access Controls
  • 9.04 Application Security Controls
  • 9.05 Data Disposal
  • 9.06 Data Encryption

Chapter 10.00 - Network Security

  • 10.01 Network Hardware Connection
  • 10.02 Firewall Protection
  • 10.03 Remote Access
  • 10.04 Wireless Network
  • 10.05 Network Intrusion Detection
  • 10.06 File Transfer Protocol
  • 10.07 Email Security
  • 10.08 Instant Messaging
  • 10.09 Electronic Commerce

Chapter 11.00 - Backup and Disaster Planning

  • 11.01 Disaster Planning Team
  • 11.02 Disaster Notification
  • 11.03 Identification of Critical Processes
  • 11.04 Backup Schedule
  • 11.05 Backup Files Stored Onsite
  • 11.06 Backup Files Stored Offsite
  • 11.07 Offsite Processing Agreements
  • 11.08 Disaster Recovery Plan Testing
  • 11.09 Disaster Recovery Plan Review
  • 11.10 Disaster Recovery Team
  • 11.11 End-user Restrictions

Chapter 12.00 - Training and Support

  • 12.01 IT Staff Training
  • 12.02 End-user Training
  • 12.03 Customer Support

Chapter 13.00 - User Responsibilities

  • 13.01 System Access and Acceptable Use
  • 13.02 Data Access and Data Protection
  • 13.03 Passwords
  • 13.04 Email Acceptable Use
  • 13.05 Internet Access and Acceptable Use
  • 13.06 Clear and Locked Screen
  • 13.07 Removable Media
  • 13.08 Portable Computers
  • 13.09 Remote Access - Users

Chapter 14.00 - Mobile Device Management: BYOD

  • 14.01 BYOD: Acceptable Devices and Operating Systems
  • 14.02 BYOD: Systems Access and Acceptable Use
  • 14.03 Security for BYOD Devices
  • 14.04 Maintenance and Support for BYOD Devices Email Acceptable Use
  • 14.05 Employee Agreements for BYOD Participation
  • 14.06 Compensation for BYOD

Print ISSN 1911-5873 Online ISSN 1923-8916

Software

Use the PolicyPro® software to

Authors and Editors

Jeffrey D. Sherman, Bcomm, MBA, CIM, FCPA, FCA, is a director or CFO of several public companies and has had over 20 years of executive management experience. His interests include corporate governance, risk management, accounting and finance, restructuring and start-up enterprises.

Mr. Sherman has lectured and conducted seminars for many organizations, and was an adjunct professor at York University for 15 years. He is a popular course director and course author for many organizations, including The Chartered Professional Accountants of Canada (CPA Canada), and other provincial institutes of chartered accountants and law societies, and has written many magazine articles on finance and accounting. He has written over 20 books including: Finance and Accounting PolicyPro, Not-for-Profit PolicyPro and Information Technology PolicyPro (guides to risk management, governance, procedures and internal controls, all published by First Reference and the CPA), Cash Management Toolkit (published by the CPA), as well as Canadian Treasury Management, Canadian Risk Management and Financial Instruments: A Guide for Financial Managers (all published by Thomson-Reuters/Carswell).

Apolone Gentles is a CPA, CGA and Ontario lawyer and editor with over 20 years of business experience.

She has held senior leadership roles in non-profit organizations, leading finance, human resources, information technology and facilities teams. She has also held senior roles in audit and assurance services at a "Big Four" audit firm. Apolone has also lectured in auditing, economics and business at post-secondary schools.
