Policy Open Sourcing
Over the years, I’ve worked with multiple companies, contributing my skills, insights, and, often, writing and rewriting policies. Every new enterprise brought a fresh slate, yet I found myself revisiting familiar grounds. I realized recently that I am once again working to develop an Information Security program, in line with multiple industry and regulatory frameworks. The last few times I have been building an information security program in line with FFIEC, ISO 27001, and NIST 800-53.
I am asking myself: why start from scratch every time? The easy answer is that all the other times I have done this, I have been under an assignment of work that didn’t allow me to share my work in the way I am able to now. So I figured I would release an initial draft of some of the policies, programs, standards, and controls I am working on and considering. Obviously, I will be removing any sensitive information and any situation-specific information, but my goal is to have a good starting place for me and others in the future.
By open-sourcing my policies, I aim to foster collective growth, streamline efficiency, offer a foundational template for customization, promote knowledge sharing, and give back to the community that has enriched my journey.
Stay tuned as I’ll release a series of policies that can serve as templates for some Information Security programs. As with all things, take this with a grain of salt, your mileage may vary, etc., etc.
Feedback, as always, is highly valued. If you’ve been down this path or are just starting, I invite you to collaborate, tweak, adjust, and make these policies fit your unique business needs, and feel free to send me any changes you think would benefit the broader community.