I've been asked to source the below for a small / medium business. Any help with this would be great... Templates and/or an explanation of what is required.
- A written information security program to protect the confidentiality, integrity and availability of our information. Professional certification such as ISO27001, PCI-DSS AOC, SOC Type II
- Not sure what they are asking for here... Do you have established controls for assessing and ongoing oversight of the adequacy of your own partners' / suppliers' IT Security postures?
- Corporate incident response policy and a formalized breach notification process