About Us | Contact Us
View Cart

infotex Document Library

Document Library

We are pleased to offer our IT Policy and Procedure templates to banks and organizations around the world. Our templates help you create excellent policy for security and governance purposes.

Our boilplates are organized into a cohesive, organic IT Governance Programs. Click below to jump right to the Program or Kit that you are interested in. Add one or as many as you want to the cart and checkout!

Please NOTE: infotex MSSP Clients get full access to the Document Library for FREE. Just contact us using one of the many channels we provide and request the current promotional code.

Jump to:

Start of the Document Library
Access Management
Asset Management
Asset Management Branchless Banking
Awareness: Board
Awareness: Customer
Awareness: Management
Awareness: Technical
Awareness: User
Business Continuity
Incident Response
Risk Management
Security Standards
Vendor Management

 

 

 

 

Boilerplate Description Program Price
Access Management Procedure The Access Management Procedure is used to identify and restrict user access to system resources, to the minimum required for work to be performed.  As per the Data Ownership Policy, this procedure identifies Data Owners, the procedure for an annual Access Authorization Review, details the procedures for a Data Classification Process, and details the procedures for a Data Flow Risk Assessment. Access Management
Price: $20.00
Background Check Procedure This document outlines the procedure that the organization follows to do initial pre-employment screening and background checks, as well as ongoing random tests.  Could call for drug testing, etc. Access Management
Price: $20.00
Data Ownership Policy Technology permeates the operations of the entire organization and therefore defies departmentalization. However, business function managers within the organization must have authority over the data that flows through their business function.  These business function managers need to be aware that they are responsible and accountable for the security of the data which they “own.”  Therefore, a policy should be developed to grant proper authority to these “Data Owners.” Access Management
Price: $20.00
Disposal of Electronic
Non-public Information Procedure
This document is used to help ensure that the receipt and removal of hardware and electronic media containing non-public information complies with regulations and best practices. Access Management
Price: $20.00
New Employee Orientation Checklist This is the form used to ensure complete and proper orientation of new employees. Access Management
Price: $20.00
New Employee Orientation Procedure This document is used to define responsibilities and describes a program that is designed to ensure a consistent, thorough process throughout all the stages of orientation. Access Management
Price: $20.00
Termination Checklist This document provides a list of all things that must be done when an employee and/or contractor is terminated.  Used as a control to ensure proper processing. Access Management
Price: $20.00
Termination Procedure Whenever the employment of someone with access to sensitive or confidential material is terminated for any reason, management should follow certain procedures.  These procedures are intended to assist in limiting the vulnerability of the organization, and are outlined in this document. Access Management
Price: $20.00
Visitor Authentication Procedure This outlines a procedure that documents what actions employees should take when “visitors” request access to various areas of the financial institution. Access Management
Price: $20.00
Electronic Record Retention Procedure The main goal of this policy is to ensure that all documents are maintained and retained  according to applicable state and federal laws and regulations.

This document includes also includes an Electronic Discovery Policy (eDiscovery) that may either be included in the Record Retention Policy or it may be put into its own policy document.

Asset Management
Price: $20.00
Network Diagram and System Documentation Procedure This document provides a procedure for requiring the technical team to stay on top of basic documentation requirements (such as network diagram, system diagrams, etc.) Asset Management
Price: $20.00
Software License Management Procedure This document provides a procedure that assists departments in managing software assets.  Proper software management includes establishing responsibility, maintaining an accurate inventory, ensuring license compliance, and effectively allocating the use of software applications. Asset Management
Price: $20.00
Agenda for Portable Device Configuration Standards This is a document that can be used to help “put the cat back in the bag” as you roll out BYOD to those who already have e-mail on their phones. Asset Management Branchless Banking
Price: $20.00
ATM Risk Assessment A drill-down risk assessment that can be used to roll out newer “smart ATMs”. Asset Management Branchless Banking
Price: $20.00
Down and Dirty BYOD Language This document provides language may be inserted into an AUP or other document to cover MOST of the concerns related to BYOD risk.  We strongly urge you to consider a more deliberate approach! Asset Management Branchless Banking
Price: $20.00
Portable Device Risk Assessment A risk assessment meant to start off the BYOD process (and you can use it to update that process as well. Asset Management Branchless Banking
Price: $20.00
Portable Devices Audit Checklist A checklist that can be used to manually audit a users’ issued or authorized device as per the Portable Device Security Procedure. Asset Management Branchless Banking
Price: $20.00
Portable Devices Configuration Standards The purpose of this document is to establish standards for administration, encryption, endpoint security, and other processes that will mitigate such risk. Asset Management Branchless Banking
Price: $20.00
Portable Devices Procedure Signoff Page A form at the back of the Portable Devices Procedure that employees who are issued portable devices (laptops, PDAs, cell phones) sign signifying they understand the procedure. Asset Management Branchless Banking
Price: $20.00
Portable Devices Security Procedure A procedure that addresses the use of laptop computers, personal digital assistants, and portable electronic storage devices.  Distribute to users who are issued portable devices. Asset Management Branchless Banking
Price: $10.00
Remote Access Security Procedure The Remote Access Security Procedure provides security directives for telecommuters using the company information computer systems as well as complies with established policies and other related information documents.  It applies to all computer platforms and all application systems. Asset Management Branchless Banking
Price: $20.00
Social Media Development Policy This document provides an example framework for a policy that can manage the risk associated with the new marketing capabilities possible with the internet, in compliance with FFIEC guidance replaced in December 2013. Asset Management Branchless Banking
Price: $10.00
Social Media Development Standards This document provides a framework for establishing procedures for developing a social media presence within the constraints of FFIEC guidance and other risk management objectives. Asset Management Branchless Banking
Price: $10.00
Annual Information Security Report to the Board This is a template for compiling the annual report that is supposed to go directly from the Information Security Officer to the Board of Directors. Awareness:  Board
Price: $20.00
Board Agenda An agenda for what needs to be covered in Annual Board Awareness Training Awareness:  Board
Price: $20.00
CyberSecurity Awareness for the Board A PowerPoint meant to fulfill banks need for “cybersecurity training.” Awareness:  Board
Price: $20.00
Commercial Customer Awareness Training Flyer A flyer that includes all required and suggested components of awareness training for commercial customers. Awareness:  Customer
Price: $20.00
Consumer Awareness Training Flyer A flyer that includes all required and suggested components of awareness training for customers. Awareness:  Customer
Price: $20.00
Consumer Awareness Training Puzzles Awareness Training puzzles that can be given to customers. Awareness:  Customer
Price: $20.00
Customer Awareness Strategy A document detailing the financial institutions strategy to train not only the risks the customers face using Internet banking, but other non-traditional methods of performing banking transactions (e.g. hand-held devices). Awareness:  Customer
Price: $20.00
Identity Theft Prevention Basis for an Identity Theft brochure that should be provided as a link off the financial institution’s Internet banking login page as well as, if appropriate, in hard-copy format to new internet banking customers. Awareness:  Customer
Price: $20.00
Mobile Banking Tips and Trends Data sheet for mobile banking customers that provides tips and trends for using mobile banking. Awareness:  Customer
Price: $20.00
Mobile Security Puzzle Mobile Security puzzles that can be given to customers. Awareness:  Customer
Price: $20.00
Privacy Policy This is a template Privacy Policy to be used as a starting point for the sake of helping you develop your own Awareness Program for your customers. Awareness:  Customer
Price: $20.00
Public Presence Content Checklist A checklist for critical elements that should be placed on the on-line banking login page for the sake of legal and reputational risk mitigation.  Elements of concern go beyond the “typical terms and conditions” and include issues such as:  ID Theft Prevention Tips, Phishing Warnings, etc. Awareness:  Customer
Price: $20.00
Awareness Training Procedure An awareness training procedure for management. Awareness:  Management
Price: $20.00
Awareness Training Strategy Information Security permeates the organization, and thus an extremely important step in mitigating Information Security risk is to make the entire team aware of key issues related to Information Security.  Buy-in at the management level will ensure proper enforcement of policies and procedures, as well as a cohesive, cost-effective approach to risk mitigation.  Therefore, it is imperative that the management team and employees undergo many different levels and layers of awareness training throughout the calendar year.  This procedure documents the process used by the Information Security Officer to ensure appropriate information security awareness throughout the calendar year. Awareness:  Management
Price: $20.00
Information Security Officer Job Description Job Description Template for the Information Security Officer role. Awareness:  Management
Price: $20.00
Management Awareness Training Procedure A procedure that establishes an annual presentation that helps management become aware of Information Security Issues from a management perspective:  risk management, policy development, incident response, etc. Awareness:  Management
Price: $20.00
Management Guidelines for Social Media This is a guidelines document regarding how management team members presents themselves in the social media.  It also contains information about proper disclosures, as well as guidelines on monitoring employee usage of social media. Awareness:  Management
Price: $10.00
Technology Planning Policy Language A document used to provide a formal, structured approach towards ensuring that information technology appropriately aligns with overall bank business strategy. Awareness:  Management
Price: $20.00
Banner Procedure Appropriate notification for authorized use is done through the use of banners.  Banners are used at network login, with facsimile transmittal forms as a disclosure statement, and with e-mail signatures.  This procedure indicates the appropriate banners with each system. Awareness:  Technical
Price: $20.00
Technical Awareness Training Procedure A document for the development, implementation, and maintenance of technical awareness training. Awareness:  Technical
Price: $20.00
Acceptable Use Policy The Acceptable Use Policy is a key control for user awareness and administrative policing of system activities.  It details the permitted system uses and user activities and the consequences of noncompliance.  All employees should receive a copy of the policy and appropriate training, and signify their understanding and agreement with the policy before management grants access to the system. Awareness:  User
Price: $10.00
Acceptable Use Policy Checklist A checklist that can be used to review your AUP and, on a risk-basis, determine what may need to be added to “shore it up.” Awareness:  User
Price: $10.00
Commercial Customer Awareness Training Checklist A checklist covering commercial customer awareness training. Awareness:  User
Price: $20.00
Conflict of Interest Policy Outlines the organization’s approach to identifying and evaluating potential conflicts of interest and assisting its employees in addressing conflict of interest issues. Awareness:  User
Price: $20.00
Stand-alone User Level Social Media Policy This is a policy that governs employee usage of their OWN social media sites (like Facebook, Twitter, LinkedIn, etc.)  It is a stand-alone policy in our library, but most banks are copying the language from it into their existing Acceptable Use Policy. Awareness:  User
Price: $10.00
User Awareness Training Comprehension Test A quiz that documents that users not only have read the AUP, but they have received training on that AUP and understand at least the components of the AUP addressed in the test. Awareness:  User
Price: $20.00
Business Continuity Policy This policy establishes the requirements for the development of a Business Continuity Plan that is devoted to the concept of keeping the financial institution’s information resources, assets, and essential functions operational in all foreseeable circumstances and will ensure the continued successful operations of essential functions in the following environments:
• Normal operation environment;
• Emergency operation environment; and,
• Return to normal operation environment.
Business Continuity
Price: $20.00
Small Bank Business Continuity Plan Provides general procedures to be followed whenever situations occur adversely affecting the normal daily operations. Business Continuity
Price: $20.00
Incident Response Plan A boilerplate used to create an Incident Response Plan, a file describes the Incident Response Team’s plan for dealing with computer security incidents such as: virus, worm, Trojan horse detection, unauthorized use of computer accounts and systems, as well as handle Acceptable Use Policy compliance.  Describes the IRT’s plan for dealing with computer security incidents.  Security incidents include, but are not limited to: virus, worm, and Trojan horse detection, unauthorized use of computer accounts and computer systems, as well as complaints of improper use of Information Resources as outlined in the [Acceptable Use Policy]. Incident Response
Price: $20.00
Incident Response Policy A template for helping an institution create its own IT Governance Program as well as all the roles needed to maintain one, such as an Incident Response Team. The policy also describes the Incident Response Team’s plan for dealing with computer security incidents such as: virus, worm, Trojan horse detection, unauthorized use of computer accounts and systems, as well as handle Acceptable Use Policy compliance. Incident Response
Price: $20.00
Intrusion Detection Procedure A template that is used to help an institution create an Incident Response Program for adequate detection and response to intrusions and other incidents that can be defined in the Incident Response Decision Tree. Incident Response
Price: $20.00
One Page Incident Response Policy A policy that reduces everything the board should know, require, and be accountable for . . . . related to incident response . . . to one page. Incident Response
Price: $20.00
Risk Monitoring Architecture A template to put forth the strategy that the Incident Response Team use when it comes to Risk Assessment. Incident Response
Price: $20.00
Scenario Response:  CATO A template that can be customized to help in the procedure when dealing with a CATO attack incident. Incident Response
Price: $20.00
Scenario Response:  DDOS A template that can be customized to help in the procedure when dealing with a DDOS attack incident. Incident Response
Price: $20.00
Scenario Response:  Generic A template that can be customized to help in the procedure when dealing with any number of incidents. Incident Response
Price: $20.00
Simplified Incident Response Plan A generic incident response program that demonstrates how a small bank can whittle down our policy set to suit their needs. Incident Response
Price: $20.00
Third Party Information Request Procedure A procedure to control the release or distribution of confidential information to third parties. Incident Response
Price: $20.00
Assigned Security Responsibility Policy This policy covers the procedures for identifying the security official who is responsible for the development and implementation of the policies and procedures for managing the risk that arises from information technology. Risk Management
Price: $20.00
Audit Charter This charter describes the mission, independence and objectivity, scope and responsibilities, authority, accountability and standards of the Internal Audit function. Risk Management
Price: $20.00
Board Minutes CAT Mitigation Strategy This document is part of a set that provides a framework for a presentation to a board of directors regarding CAT Mitigation. Risk Management
Price: $20.00
Board Minutes Overview This is a template for the board minutes for handing out the CEO/Board Overview Document Risk Management
Price: $20.00
Board Minutes Risk Appetite This document is part of a set that provides a framework for a presentation to a board of directors regarding CAT Mitigation. Risk Management
Price: $20.00
CAT Mitigation Strategy This is a template for presenting the results of the Cybersecurity Assessment Tool 5th Step:  Analysis and Interpretation.  It is the document that the board minutes #3 refer to, and is used to convey where the financial institution is NOT at the required maturity level, and the institution’s plan to mitigate the gap(s). Risk Management
Price: $20.00
Commercial Customer Risk Assessment A drill-down risk assessment on commercial customers. Risk Management
Price: $20.00
Cybersecurity Assessment Tool Maturity Analysis and Interpretation Tool (CAT MAIT) Infotex tool that assists organizations in preparing for the FFIEC Cybersecurity Assessment. Risk Management
Price: $20.00
Drill-down Template A template for drill-down risk assessing. Risk Management
Price: $20.00
Information Technology (IT) Governance Policy Gives birth to other Board-level policies, establishes a governance team (IS Steering Committee per se).  Establishes measures and policies the entity will take to mitigate risks identified in the risk analysis.  Includes a policy for the creation, distribution, training, and updating of all policies and procedures. Risk Management
Price: $20.00
Information Technology Risk Analysis Procedure This document presents the procedure that the financial institution will use for the annual Information Technology Risk Analysis as required by the Board of Directors in the Risk Management Policy.  The risk analysis is used to prioritize audit engagements and is used to design audit tests. Risk Management
Price: $20.00
Insurance Risk Assessment A list of questions for your insurance provider, with the ability to risk-rank the answers you receive. Risk Management
Price: $20.00
ISO Committee Charter This document provides an example framework for an ISO (or ERM) Committee Charter. Risk Management
Price: $20.00
IT Audit Program This document provides direction for vulnerability testing in terms of schedule and test performer. Risk Management
Price: $20.00
IT Strategy Plan The purpose of this plan is to provide an IT Strategy “roadmap” for management to implement and deliver services that support the strategic mission and goals set by the bank. Risk Management
Price: $20.00
IT Tactical Plan This document accompanies the IT Strategy plan. The purpose of this plan is to provide an IT Tactical “roadmap” for management to implement and deliver services that support the strategic mission and goals set by the bank.  The tactical plan implements the strategic plan. Risk Management
Price: $20.00
MSSP  Drill-down Risk Assessment A drill-down risk assessment for deploying a Managed Security Service Provider. Risk Management
Price: $20.00
Risk Analysis Executive Summary A summary of the top ten or so risks inherent in the Operational Risk Analysis which has been conducted by a GLBA task force or the IRT. Risk Management
Price: $20.00
Risk Analysis Executive Summary
(for drill-down risk assessments)
A summary of the top ten or so risks inherent in the risk assessment performed for various drill-down areas (e.g. social media, virtualized environment, wireless banking, etc.). Risk Management
Price: $20.00
Risk Assessment
(Social Media)
A table used to conduct a risk assessment specifically for social media.  Lists vulnerabilities, impact severity, probability, and resulting risk ranking. Risk Management
Price: $10.00
Risk Assessment
(Wireless Banking)
A table used to conduct a risk assessment specifically for wireless banking.  Lists vulnerabilities, impact severity, probability, and resulting risk ranking.  This may take into consideration any non-traditional forms of accessing customer data (e.g. hand-held devices, Internet banking, etc.). Risk Management
Price: $20.00
Sample IT Audit Universe A sample IT Audit Universe that can be used to specify an audit RFP. Risk Management
Price: $20.00
Security Sanctions Policy This policy establishes policy, guidance, and standards for employee performance expectations in carrying out the provisions of policies and procedures, and the corrective action(s) that may be imposed to address violations. Risk Management
Price: $20.00
Automatic Logoff Procedure Hardware and software located in a user department are often less secure than those located in a computer room.  Therefore, organizations should adopted this procedure to ensure that access to all servers and workstations that access, transmit, receive, or store nonpublic information is appropriately controlled. Security Standards
Price: $20.00
Change Control Standards A standards document that defines the requirements needed to document, communicate and control changes to the organization’s production IT environment (application, system software/hardware, database, etc.) while providing assistance to the change owner to help ensure secure, reliable and successful changes.    MEANT FOR SMALL BANKS. Security Standards
Price: $20.00
Domain Controller Security Procedure A procedure for addressing the security of domain controllers. Security Standards
Price: $20.00
Encryption Standards This standards document establishes when encryption is necessary, what situations are eligible for exception, and what specific protocols and encryption schemes are acceptable. Security Standards
Price: $20.00
Firewall Security Standards This standards document applies agreed upon firewall security standards Security Standards
Price: $20.00
Mainframe Data Encryption Standard The Mainframe Data Encryption Standard provides security rules for the security encryption between mainframe and other external devices. Security Standards
Price: $20.00
Microsoft Server Security Procedure This document establishes a procedure for ensuring a uniform approach to securing servers utilizing platforms provided by Microsoft. Security Standards
Price: $20.00
Network Devices Security Standards A document that provides security directives for all devices connecting to Network Services. Security Standards
Price: $20.00
Password Management Procedure A procedure that establishes a standard for the enforcement of strong passwords, the establishment of which applications and operating systems will require strong passwords, the protection of those passwords, and the frequency of maintenance.  This procedure also addresses the storage of “shared passwords,” meaning those passwords in which it is best practice to have more than one person utilize the password. Security Standards
Price: $20.00
Server Build / Configuration Standards This Server Build / Configuration Standards document provides security directives for the financial institution’s Microsoft servers.  The purpose of this document is to establish standards for access control, server hardening, and domain controllers. Security Standards
Price: $20.00
Contract Review Checklist A spreadsheet checklist used to check if all information is included in a contract. Vendor Management
Price: $20.00
One Page Vendor Management Policy A more succinct version of the basic Vendor Management Policy to provide the framework for management to identify, measure, monitor, and control the risks associated with vendors. Vendor Management
Price: $20.00
SSAE-16 Review Checklist A spreadsheet checklist used to check if all pertinent information and formatting is correct in a SSAE-16. Vendor Management
Price: $40.00
Vendor Document Request Letter A letter sent to vendors requesting documentation pertaining to Vendor Due Diligence. Vendor Management
Price: $20.00
Vendor Management Policy A policy document designed to address vendor relationships from an end-to-end perspective, including establishing servicing requirements and strategies; selecting a provider; negotiating the contract; and monitoring, changing, and discontinuing the vendor relationship. Vendor Management
Price: $20.00
Vendor Management Threshold Analysis A spreadsheet used as a means to decide if a vendor must comply with the Vendor Management Procedure Vendor Management
Price: $20.00
Vendor Nondisclosure Agreement Template A sample contract that addresses only the nondisclosure concerns of the Vendor Management Procedure Vendor Management
Price: $20.00
Vendor Owner List A list of all vendors, the person assigned as their owners, and where they fall on the “governing threshold scale.” Vendor Management
Price: $20.00
Vendor Review Board Report This report template could be used for both presenting results of due diligence reviews, but also to present the results of your overall vendor due diligence review to the board. Vendor Management
Price: $20.00
Vendor Risk Determination Table A spreadsheet used to “drill down” further in order to determine risk presented by a particular vendor. Vendor Management
Price: $20.00
Annual Vendor Review Questionnaire Questionnaire to determine if the Vendor Owner kept updated and reviewed Vendor information during the past year as well as reviewing the Vendor from an Owner standpoint. Vendor Management
Price: $20.00
Critical Vendor Review Checklist A checklist used to determine missing elements from the vendor files. Vendor Management
Price: $20.00
Generic Vendor Request for Proposal Outline for use to gain proposals from third party vendors requesting information on services available. Vendor Management
Price: $20.00
High Risk Vendor Review Checklist A checklist used to determine missing elements from the vendor files. Vendor Management
Price: $20.00
Precontract Vendor Due Diligence Checklist Precontract checklist to check the variability of a contract with a vendor. Vendor Management
Price: $20.00
SSAE-16 Review Report A report template used for both presenting results of SSAE-16 reviews, but also to present the results of your overall vendor due diligence review to the board. Vendor Management
Price: $20.00
Vendor Agreement Template A sample contract that addresses concerns of the Vendor Management Procedure. Vendor Management
Price: $20.00
Vendor Contract Addendum Template Template used to add things previously missing from a vendor contract. Vendor Management
Price: $20.00
Vendor Document Second Request Letter A second letter sent to vendors requesting documentation pertaining to Vendor Due Diligence. Vendor Management
Price: $20.00
Vendor Due Diligence Schedule This is a schedule starting 01/01/?? And going through completion of a typical “first review” so that vendor management team members can get a feel for how long a due diligence review would actually take.  Two time frames:  90 day deliverables, 180 day deliverables. Vendor Management
Price: $20.00
Vendor Management Procedure A procedure for managing vendors, including pre-contract, contract, and ongoing due diligence requirements. Vendor Management
Price: $20.00
Latest Articles