Security breaches are inevitable and costly. Standard policies and procedures must be in place to limit the likelihood of occurrences and to ensure there are processes in place to deal with issues efficiently and effectively. Time and money are wasted dealing with preventable security issues that should be pre-emptively addressed in a comprehensive corporate security policy. Critical Insight Security policies and procedures must be integrated into job descriptions and employee routines. Security is often viewed as a lower priority to employees than short-term productivity and revenue generation. Security policies are living documents that require reviews and updates to maintain relevance. If policies do not work, they have to change or the behavior has to change. Communication and enforcement of policies are often greater challenges. Developing policies can be standardized, but the human aspects of compliance with policies are more difficult to predict and control. Impact and Result Short term: Save time and money using the templates provided to create your own customized security policies mapped to ISO 27001 and NIST standards. Long term: After the initial policy development, minimal updates will be required to ensure the policy remains up to date. Long-term maintenance and compliance of the policy will ensure legal and corporate satisfaction of security measures.