Elements and Performance Criteria
- Research IT security requirements
- Conduct risk analysis
- Identify security threats and determine security specifications, taking into account the internal and external business environment
- Develop controls and contingencies to alleviate security threats
- Identify the costs associated with contingencies
- Document and forward recommendations to appropriate person for approval
- Develop IT security policy and operational procedures
- Review feedback from appropriate person to determine how to manage security threats
- Develop security policies based on the security strategy
- Create and document work procedures based on the security policies
- Document operating procedures and forward to appropriate person for approval
- Take action to ensure confidentiality of client and user information
- Apply statutory requirements to policy and procedures