Compliance Plan
HIC Inc.
Version 1
Introduction:
HIC Inc. defines Implementation, Enforcement, and Compliance Plans as company standards on
how to implement, enforce, and comply with HIC Inc.’s corporate policies to safeguard the
confidentiality, integrity, and availability of users, employees, and customers. The primary objective of the
Implementation, Enforcement, and Compliance Plan is to identify how HIC Inc. will distribute,
enforce, and train employees about the security policies in place. A secondary goal is to ensure all
Compliance Officer:
HIC Inc.’s Chief Information Security Officer (CISO) is acting as Compliance Officer, whose
primary goal concerning security policy is to create, distribute, and manage HIC Inc.’s security
policy documents. Managing security policy documents includes staying up to date with current
global compliance and policy changes, maintaining the policy, altering the policy, developing
resources and support documents for policies, and enforcing the policy.
Monitoring and Reporting are required and essential systems that ensure policies are practical and
effective. Using Monitoring and Reporting, the CISO can determine if the policies are being
followed by personnel and provide information on policy violations. Monitoring and Reporting
also provide vital information on how to adjust a policy to improve its success.
HIC Inc. will use automated systems to monitor and report on policy violations and provide
information on policy effectiveness. HIC Inc. will also perform random audits on personnel to
ensure individuals are up to date and aware of the security policies in place. With the use of
HIC Inc. Cameron W Assignment 7 Page 2
automated systems and random audits, HIC Inc. will ensure the organization meets compliance
HIC Inc. will have annual reviews of all policies and compare the reviews to the previous year's
baselines. Baselines will be created at the end of the year to track and record the organization's
overall policy posture. The use of these baselines will provide information into each random audit
and automated system report to develop effective policies that improve security compliance and
requirements.
Communication:
HIC Inc. will provide each employee with easy access to all security policies through the online
company portal. Employees can obtain the current security policies at any moment through the
portal with the knowledge that the policy on the portal is the active policy. Every new employee
orientation will provide new employees with all active policies, and new employees will be required
to read and sign off on all active security policies, acknowledging each policy and agreeing to comply with the
policies.
A change to a security policy will be documented and emailed to all employees who are affected
by this change. Updates on every change of policy are on the company portal. The policy on the
portal is considered active, and each employee must read and acknowledge the new policy.
Questions on all policy changes are to be directed to the direct manager.
Training:
All HIC Inc. employees are required to participate in an annual Security Awareness and Training
program, designed to improve and meet security regulatory compliance and requirements. Each
employee will receive an online Security Awareness Training class through their email that they will be
required to complete within two weeks of the distribution date. All employees will be informed of
the training program one month prior. All employees must complete the required training within
the two weeks and must obtain passing scores covering company policies and core security
concepts.