Policy and Procedure Development
At the heart of every highly functional organization are policies and procedures developed from smart goals that empower the company to operate effectively and reduce their risk and liability. Valorr helps organizations develop, implement and manage Information Security Policies and Procedures that meet company goals and requirements.

Information Security Program Development
The purpose of policy and procedures is to strengthen organizational processes, reduce risk and protect the business. However, every business is different and their needs vary. Therefore policies and procedures should be reviewed and updated regularly to meet changes to business requirements, challenges, processes and risk. Policies and procedures must also be clearly communicated (through training and testing) and accessible to employees anytime. It is best practice to ensure all employees are aware of the current policies and procedures and they have reviewed and signed off on them in order to protect the business from liability and non-compliance.
Our Approach
Our program development services are based on industry-recognized security frameworks, including the NIST CSF, NIST 800-53, CIS Top 18, and PCI DSS. We leverage an established capability maturity model index (CMMI) to objectively evaluate your program and provide realistic maturity rankings across industry standards.
Phase 1
Project Kick-Off / Planning
Project Kick-Off / Planning
Phase 2
Plan Analysis and Development
Plan Analysis and Development
Phase 3
Plan Socialization and Testing
Plan Socialization and Testing
Phase 1: Project Planning and Kick-Off
During Phase 1, the Valorr team collaborates with you to establish the objectives and scope for this engagement, as well as communication methods and a cadence for status reporting. Following this initial step, we coordinate document and interview requests with your team.
- Clear engagement objectives
- Established communication methods
- Document and interview requests
Phase 2: Plan Analysis and Development
During Phase 2, our team holds on-site and/or remote discovery sessions with key stakeholder and subject matter experts within your organization. Following this step, our team builds a current plans and capabilities against industry best practices.
As a result of this analysis, we are able to identify capabilities, existing processes and areas for improvement to be included in the developed plan(s).
- Analysis of the current capabilities across your IT infrastructure, business processes and utilized technologies
- Identify opportunities for improvement
- Developing a best practice plan to guide response and recovery
Phase 3: Plan Socialization and Testing
In the final phase, our team communicates the details of the developed plan(s) with all key stakeholders and ensure there is a clear understanding of procedures, roles and responsibilities.
During this phase, we strive to maximize the use of insights gathered from stakeholders interviews to infuse their expertise into on the developed plan and ensure that the new plan aligns with current operations and company goals.
- Alignment across cybersecurity priorities, organizational objectives and policies.
- Improved decision-making around the level of risk associated with the current business environment.
- More efficient resource allocation
- Clear responsibility matrix and increased buy in
Assessment Focus Areas
Access Control | Asset Management | Audit and Accountability |
Awareness and Training | Configuration Management | Identification and Authentication |
Incident Response | Maintenance | Media Protection |
Personnel Security | Physical Protection | Recovery |
Risk Management | Security Assessment | Situational Awareness |
System and Communications Protections | System and Information Integrity | Data Privacy |
Different From the Rest
At Valor, we take a different approach to implementing and managing cybersecurity.
Actionable Deliverables
Our assessment process doesn't just point out your weaknesses and the urgent need for change. It provides clear, action-based guidance for addressing key security risks and improving your overall risk posture.
Ongoing Support
We never deliver a report and leave our partners, we often stay onboard to help them implement our recommendations and mature their programs. We work hard to collaboratively help execute your strategic roadmap.
End-to-End Services
Valor provides a full lifecycle suite of services and end to end support services. We have experts in security program development, data privacy and business resilience to help you improve across all risk domains.
Have A Question?
Valor is excited to take on your biggest business risk challenges. Please complete this short form and we will get in touch with you.