IT & Information Security Policy Frameworks - HBP Systems Ltd.

Download our IT & Information Security Policy Frameworks guide.

Learn more about and compare the frameworks that we offer and find out why they're important to your business.

An Information Security Policy For Every Business

Define how all your users interact with your business data and the IT that they use every day to protect what’s most important.

Cyber Security and protecting your business data should be a high priority for all businesses, and having a business-wide policy that’s adhered to creates a fundamental commitment to working in a secure way.

For some businesses it is a requirement to adhere to certain Cyber Security Policies, for instance when working with the government or certain financial institutions. These policies also feature as key principles underpinning ISO 27001 and ISO 27031 certifications.

Using an IT & Information Security Policy in your workplace is a great way to set a foundation of IT Security that will help protect against data theft, cybercrime and loss of time and money through IT Security flaws.

By default, all our IT Installation services provide a minimum level of IT security across all systems, putting in place a baseline model that should, and can, be adhered to by all businesses. We find that the stumbling block for many businesses in defining business-wide IT Security Policies is knowing where to start in formulating one.

That’s where our IT & Information Security Policy Frameworks come in.

End-Point Vulnerabilities

Servers
  • Internet-based attacks
  • Intra-network viruses & malware

Desktops
  • Internet-based attacks
  • Intra-network viruses & malware
  • Socially engineered, user-authorised exploits
  • Non-malicious user incompetence
  • Malicious manual data theft

Laptops
  • Internet-based attacks
  • Intra-network viruses & malware
  • Socially engineered, user-authorised exploits
  • Non-malicious user incompetence
  • Malicious manual data theft
  • Device loss

Phones / Touch Devices
  • Internet-based attacks
  • Intra-network viruses & malware
  • Socially engineered, user-authorised exploits
  • Non-malicious user incompetence
  • Malicious manual data theft
  • Device loss

Printers / Network Peripherals
  • Internet-based attacks
  • Intra-network viruses & malware

A Framework For Everyone


The default minimum level that we recommend all IT infrastructure, IT usage and Information Security adhere to. All our engineers will install your IT solutions abiding by this framework, whether you’ve requested it or not.


Building on the Standard Level Security Policy Framework, our Advanced Level caters for businesses that take IT & Information Security seriously. It offers a much stronger level of protection for your network and also encompasses the Government’s scheme Cyber Street Wise – Cyber Essentials accreditation.


In addition to our Advanced Level, we offer a custom policy framework where we will provide you with the necessary foundation to reach a specific industry or other certification.


Cyber Essentials & Cyber Essentials Plus Accreditation

If you adhere to our Advanced Level Security Policy Framework, your business will be able to apply for the Cyber Essentials & Cyber Essentials Plus accreditation.

The Cyber Streetwise Cyber Essentials accreditations are an ongoing commitment that requires your entire business to work within the Cyber Essentials standards. For complying, and after being independently reviewed by an external certifying body, you are awarded a badge depicting the level that you attained.

The presentation of this badge can be a requirement for some businesses, or when working with the Government.

Our frameworks will form the basis of the application for the Cyber Essentials accreditation for which you can apply online.

Framework Comparison

Here you can see the key differences between the frameworks that we offer:

If you have any questions or would like to discuss anything further, call us free on 0800 0433 106.



On-Site Security Configuration
  • Set Global Domain Password Policy
  • Set Internal Device Password Policy
  • Encrypt Backups
  • Check SSL Certificates for All Applications
  • Lockdown Internal WiFi
  • Lockdown & Separate Guest WiFi
  • Set Mobile Password Policy
  • Configure All Client Firewalls
  • Enable & Configure UAC
  • Set Network Password Policy
  • Set Stringent Domain Password Policy
  • Set Stringent Firewall/Gateway Policy
  • Set Stringent Miscellaneous Device Policy
  • Set Stringent WiFi Password Complexity Policy
  • Lockdown Remote User Phone/Touch Device Policy
  • Segregate Home-Based Non-VPN Users
  • Lockdown Client Machine Resources/Software
  • Lockdown Server Machine Resources/Software
  • Setup Site-To-Site Backup Replication
  • Set Company-Wide Email To Require SPF Record
  • Set WiFi Password Reset Policies
  • Agreed Defined On-Site Security Configuration Service

Firewalls & Gateways
  • Inbound Traffic Controlled
  • VPNs Configured With Best-Practice Security
  • Management Configuration Locked Down
  • Restrict Resources For Home & Site-To-Site VPN
  • Access Configuration For Only Required Resources
  • Monthly Open Service Review
  • Agreed Defined Firewalls & Gateways Service

Remote Access Controls
  • Set Global RDP Policy
  • Set Administrator Access
  • Limit Access To Removable Media
  • Quarterly Review User Accounts
  • Agreed Defined Remote Access Control Services

Malware Protection
  • Set Client AV
  • Set Server AV
  • Set Client AV Scan Policies
  • Set Client Web Protection
  • Set Server AV Scan Policies
  • Set Anti-Spam/Email Scanning Solution
  • Agreed Defined Malware Protection Service

Patch Management
  • Set Client Update Policy
  • Set Server Update Policy
  • Audit All Devices / Software Licences
  • Enforce Central Administration of All Client Devices
  • Allow Remote Administration of All Client Devices
  • Allow Remote Administration of Servers
  • Agreed Defined Patch Management Service

System Security
  • Full External IT Security Scan & Report
  • In-Depth IT Security Scan & Report
  • Action Security Report Findings
  • Agreed Custom Level Of Scanning/Reporting

On-Site Service / Administration
  • Monthly IT Security Based Site Visit
  • Monthly Review of Domain User Accounts
  • Quarterly Access/On-Site Admin Review
  • Annual Password Audit
  • Bimonthly Device Password Change & Documentation
  • Bimonthly WiFi Password Change & Documentation
  • Monthly AV Check – All Devices
  • Monthly Windows Update Check – All Devices
  • Biannual Internal & External Security Audit
  • Cyber Essentials Compliant
  • Agreed Service/Administration Requirement
  • Access to FREE staff training

Frequently Asked Questions

Frequently asked questions surrounding IT & Information Security Frameworks

Does my company need to implement an IT & Information Security Policy?

In short - Yes!

Every company will see a benefit from implementing an IT & Information Security Policy. This is fundamentally the most important step that businesses can take towards protecting their company data and preventing malicious cyber threats from entering their network.

An IT Security Policy removes any ambiguity surrounding usage of IT equipment for all staff members. It provides structure and fail-safes for potential information security exploits and limits access to sensitive resources.

We're a School/Academy, can you help us with an IT Security Policy?


We can work with any organisation to formulate an IT & Information Security Policy that works for them.

We currently have several academic organisations that we work with, so we're experienced in and knowledgeable about the requirements within this sector.

We have a requirement to be ISO 27001 certified, can you help us achieve this?

In short - Yes!

As part of our Custom Level IT & Information Security Policy Framework, we offer a completely bespoke policy definition and creation service through consultancy and recommendation.

If your company requires a certain level of accreditation or certification then we can build a custom framework that enables your company to adhere to your unique security policy.

If you're interested in discussing your own Custom Level Security Policy with a group of IT & Information Security specialists then get in touch now and we'll arrange a meeting to discuss your individual requirements.