Product Login

Information Technology PolicyPro®

From policy to sign-off

Co-marketed with

Information Technology PolicyPro is co-marketedby CPA Canada and First Reference Inc.
Meet your systems and data management, security and disaster planning obligations with dwonloadable model polices

The leading source for up-to-date model policies based on Canadian compliance and best practice. Choose the classic print manual or the comprehensive online platform that automates policy management.

Choose which PolicyPro is right for you

Check out the features
available with each PolicyPro

PolicyPro Classic

Information Technology PolicyPro:
Online policy templates and print manuals

Try it free for 30 days


From policy to sign-off:
The complete policy management service

Try it free for 30 days

$ 875 /year (+ S&H)

$ 1,990 /year



Two-volume print manual with IT model policies updated regularly

Online versions of over 150 policies, forms and checklists regularly updated for changes in compliance and best practice

Add policies for finance, accessibility, non-profits and HR for each province
Note: no print option

Commentary by subject-matter experts outlines needs and considerations for each policy

Information Technology PolicyPro policies cross-referenced to leading control frameworks: ITCG and CobiT

Ask the Editor for queries about content or to suggest new policies

Bi-weekly newsletter reports revised and new policies and why they're important

Use or revise existing quizzes or create new ones to ensure each policy has been read and understood

Document management functionality for drafting and archiving policies

Use multiple manuals and distribution lists for different departments and employee groups

Management reports for tracking completion of assigned policies for internal and external audits

In-context help and technical support

Online accounts for each employee for reading assigned policies, completing quizzes and tracking progress

Documents securely stored in one central location with access from any location or device

Try it for free today!

Get PolicyPro Classic

Best offer:
Platform and content

* The PolicyProPlus Platform is also available without policy databases for $1,495 per year.

Information Technology PolicyPro Model Policies  (click on chapter titles for full lists)

Volume I

Control Objectives and Techniques

1. Planning

Chapter 1.00 - Planning

  • 1.01 Strategic Planning
  • 1.02 Tactical Planning
  • 1.03 Implementation Planning
  • 1.04 Site Planning
  • 1.05 Risk Assessment
  • 1.06 Risk Management

2. Systems Acquisition, Maintenance and Disposal

Chapter 2.00 - Systems Acquisition, Maintenance and Disposal

  • 2.01 Accountability for Systems
  • 2.02 Systems Acquisition
  • 2.03 Recording IT Assets
  • 2.04 System Setup
  • 2.05 Warranties and Support
  • 2.06 Maintenance
  • 2.07 Disposal of Hardware

3. Software Acquisition, Implementation and Maintenance

Chapter 3.00 - Software Acquisition, Implementation and Maintenance

  • 3.01 Standard Applications
  • 3.02 Application Development and Implementation
  • 3.03 Non-standard Software
  • 3.04 Standard Application Fixes
  • 3.05 Licenses
  • 3.06 Software Downloading

4. Systems Management

Chapter 4.00 - Systems Management

  • 4.01 Computer Naming System Conventions
  • 4.02 Role-based User Management
  • 4.03 Internet Access
  • 4.04 Downloading

5. Data Management

Chapter 5.00 - Data Management

  • 5.01 Data Processing Integrity and Validation
  • 5.02 Data Backup and Storage
  • 5.03 Management of Third Party Services
  • 5.04 Database Management
  • 5.05 Customer Relationship Management Data
  • 5.06 Records Retention

6. Computing Operations and Support

Chapter 6.00 - Computing Operations and Support

  • 6.01 Configuration and Systems Management
  • 6.02 Access Administration
  • 6.03 System Availability
  • 6.04 Service Levels
  • 6.05 Operations and Scheduling
  • 6.06 Performance and Capacity Management
  • 6.07 Corporate Website
  • 6.08 Company Intranet
  • 6.09 Cost Allocation
  • 6.10 Problems and Incident Management

7. Monitoring and Evaluation

Chapter 7.00 - Monitoring and Evaluation

  • 7.01 IT Effectiveness Reviews
  • 7.02 Logging Controls
  • 7.03 Internal Audits
  • 7.04 Performance and Capacity Reviews
  • 7.05 Security Reviews
  • 7.06 Software Audit

Volume II

8. Physical and Systems Security

Chapter 8.00 - Physical and Systems Security

  • 8.01 Physical and Infrastructure Security
  • 8.02 Systems Security
  • 8.03 User Identification and Passwords
  • 8.04 Confidentiality and Privacy
  • 8.05 Controls for Viruses, Worms and Malware

9. Data Security

Chapter 9.00 - Data Security

  • 9.01 Data Ownership
  • 9.02 Data Classification
  • 9.03 Data Access Controls
  • 9.04 Application Security Controls
  • 9.05 Data Disposal
  • 9.06 Data Encryption

10. Network Security

Chapter 10.00 - Network Security

  • 10.01 Network Hardware Connection
  • 10.02 Firewall Protection
  • 10.03 Remote Access
  • 10.04 Wireless Network
  • 10.05 Network Intrusion Detection
  • 10.06 File Transfer Protocol
  • 10.07 Email Security
  • 10.08 Instant Messaging
  • 10.09 Electronic Commerce

11. Backup and Disaster Planning

Chapter 11.00 - Backup and Disaster Planning

  • 11.01 Disaster Planning Team
  • 11.02 Disaster Notification
  • 11.03 Identification of Critical Processes
  • 11.04 Backup Schedule
  • 11.05 Backup Files Stored Onsite
  • 11.06 Backup Files Stored Offsite
  • 11.07 Offsite Processing Agreements
  • 11.08 Disaster Recovery Plan Testing
  • 11.09 Disaster Recovery Plan Review
  • 11.10 Disaster Recovery Team
  • 11.11 End-user Restrictions

12. Training and Support

Chapter 12.00 - Training and Support

  • 12.01 IT Staff Training
  • 12.02 End-user Training
  • 12.03 Customer Support

13. User Responsibilities

Chapter 13.00 - User Responsibilities

  • 13.01 System Access and Acceptable Use
  • 13.02 Data Access and Data Protection
  • 13.03 Passwords
  • 13.04 Email Acceptable Use
  • 13.05 Internet Access and Acceptable Use
  • 13.06 Clear and Locked Screen
  • 13.07 Removable Media
  • 13.08 Portable Computers
  • 13.09 Remote Acesss - Users

14. Mobile Device Management: BYOD

Chapter 14.00 - Mobile Device Management: BYOD

  • 14.01 BYOD: Acceptable Devices and Operating Systems
  • 14.02 BYOD: Systems Access and Acceptable Use
  • 14.03 Security for BYOD Devices
  • 14.04 Maintenance and Support for BYOD Devices Email Acceptable Use
  • 14.05 Employee Agreements for BYOD Participation
  • 14.06 Compensation for BYOD

Print ISSN 1911-5873
Online ISSN 1923-8916

Authors and Editors


Jeffrey D. Sherman, Bcomm, MBA, CIM, FCPA, FCA, has had over 20 years of executive management experience. He is a former director or CFO of several public companies. His extensive knowledge and experience includes corporate governance, risk management, accounting and finance, restructuring and start-up enterprises.

Mr. Sherman has lectured and conducted seminars for many organizations and was an adjunct professor at York University for 15 years. He is a popular course director and course author for many organizations, including The Chartered Professional Accountants of Canada (CPA Canada) and other provincial institutes of chartered professional accountants and law societies, and has written many books and articles on finance and accounting.

Co-marketed with

Finance and Accounting PolicyPro is co-marketed by CPA Canada and First Reference

Content Editor

Apolone Gentles, JD, CPA, CGA, FCCA, is an Ontario lawyer and editor with over 20 years of business experience.

Ms. Gentles has held senior leadership roles in non-profit organizations, leading finance, human resources, information technology and facilities teams. She has also held senior roles in audit and assurance at a "Big Four" audit firm. Apolone has also lectured in auditing, economics and business at post-secondary schools.

Managing Editor

Yosie Saint-Cyr, LLB, was called to the Quebec bar in 1988 and is a member in good standing. She practised business, employment and labour law until 1999 before becoming Managing Editor at First Reference.

Yosie is responsible for the high-quality, up-to-date content for employment law services and the Internal Controls Library. She is currently enrolled in the Osgoode Professional LLM degree program.

Our website uses HTML5 and CSS3
HTML5 logo by World Wide Web Consortium
HTML5 logo