Open Book

Documentation and Policy Package

Guidance and Policies - In Writing

Our Documentation and Policy Package  (DPP) is the first step many organisations have taken towards a clear and concise set of rules, guidelines, and principles that govern every aspect of Information Security for an organisation.  In fact, some even draw upon it to be the defacto Human Resource document from which all policies are drafted against.

Every DPP comes with printed and digital copies to distribute amongst your workforce, and is collaborated upon with several hours of consultation and draft review.

Packages start at $1620 + HST

Included Topics within the Information Security Policy

This list is by no means exhaustive, but it is a sample of the consideration of topics RiPPUL can tailor to your business' specific needs.

Management Direction

We provide a framework for the management of requirements.  It's needed for compliance with law, relevant regulations, security policies and standards, and best practices.

The Information Security Organisation

This section defines the security roles and responsibilies of all Employees, including internal operations and remote workers.

People and the Culture of Security

The culture of security within an organsation defines what is important to ensure compliance with policies and standards.  This section notes pre-, during-, and post- employment timelines.

Access Control

Who has access, and what type of access should they have?  Many security controls refer to this section when discussing Identity and Access Management.  What are a user's responsibilities for each system they have access to?  Outline procedures of access and restriction requirements.

Digital and Physical Asset Management

Really the meat of the policy.  This section defines the overall responsibility for assets, how to classify label and handle information, and related sections about the media which it is on, whether cloud-based or physical.


Every business should have an encryption policy.  Whether it's a dusty desktop that serves a single purpose, or the SSL certificate on your web site.

Physical and Environment

Prevent unauthorized Access, Damage, and Disruption to assets, property and services.   Mostly required for on-premesis workforces, the same principles need to be established for remote points of operation, even temporary of off-site.  Securing areas and equipment that access your resources can be laid out in a standard here.

Third Party Relationships

Set out your expectations for vendors and other third parties when coming into the fold.  Use this section of policy to draft NDA's and ensure compliance with your business Information Security Policy.


Documentation and Policy Package

Canonize your Policies and Head Towards Your Desired Security Profile

  • Workstyles Assessment for Remote Employees

  • Corporate Security Policy (Draft and Final)

  • Awareness and Training Campaign Materials

  • Annual Policy Renewal and Acceptance Forms

Contact Us

We're ready. 

16 Industrial Parkway S.
Suite 105
Aurora, Ontario
L4G 0R4


Thanks for submitting!