PRODUCT PURCHASE GUIDE
SECTION I
GETTING STARTED
WHAT WE CAN DO FOR YOU
...We can help you build and improve your Information Security (INFOSEC) program, the security foundation of your business, working alongside you. It's true that few companies offer these types of INFOSEC services to small businesses, but we're here to help. We want to make a difference in improving the security posture of your business.
PRODUCT TYPES
Our products are supported products, which means you deliver your business information to us, and we help to develop the data into finished products for you. More specifically, you supply your data to us in the form of questionnaire responses and other communication methods, etc., that we may send to you, and we then transform that received data into the products described below. You will also likely enhance your knowledge of the INFOSEC industry, as our modules guide you through INFOSEC topics and showcase the areas of concern we focus on, and this focus in turn helps to educate you.
AUDIT SUPPORT
If your company is selected for a GLBA type of Compliance Audit, or similar, and you desire support, reach out to us, and let us know of your needs. We will stand with you, work with you, support you, and help you to build and strengthen your security perimeter as we may assist. We stand by our products and we'll stand by you. Don't become the example of what not to do.
ANONYMOUS SUPPORT
We can support you anonymously. If your company is desperately in need of help, and you’re afraid to share these vulnerabilities with us directly, buy from us anonymously. We can help you to develop your security plan without knowing your name. You can use anonymous email contact, or whatever you need, in order to fully and honestly share with us all of your security worries. We don't want names or addresses listed in your raw data when sending to us, so don't let fear stop you from getting what you need. It's critical that you learn to protect your business and clients' data.
Pick a product below and buy now! Stick with us, and you will gain what you need.
If you want to start small, look at our individual DSP modules; they may be just right to begin with.
------------------------------------------------------------------------------------------------------------
SECTION II
PRODUCT LIST:
Please note that products are delivered in digital format, electronically.
- DATA SECURITY PLAN (DSP) DEVELOPMENT:
DSP COMPLETE PACKAGE
INDIVIDUAL DSP MODULES PURCHASE
- ASSESSMENTS:
DATA CRITICALITY
OVERALL PROGRAM
- MANAGED SECURITY SUPPORT SERVICES
- INFOSEC AWARENESS TRAINING
- CUSTOM INFOSEC RESEARCH & TRAINING
- INFOSEC POLICY DEVELOPMENT
- BUSINESS CONTINUITY/DISASTER RECOVERY PLANS
ABOUT US: We've been involved with INFOSEC since 1995, and actively developing Data Security Plans (DSPs) and INFOSEC programs since 2003. We've developed an affordable range of services now accessible to you, and we CAN get you on the path to where your business needs to be if you work with us. Let us know what questions you have.
------------------------------------------------------------------------------------------------------------
SECTION III
BEFORE YOU BUY…
SELECTING A DATA SECURITY PLAN (DSP) OPTION
BEFORE you purchase one of our DSP packages, please review each product offering carefully to determine which product or products contain the best options to meet your business needs.
For example,
- Observe support timelines. Do you believe you may complete this work within one year? If yes, our standard support timeline of 1 year for Complete DSP Packages may work for you. If no, consider purchasing additional support time from us; now or later. The choice is yours.
- Think about the type of data you need to provide to us. In order to complete this project, we need a lot of INFOSEC-related information from you. Are you prepared to send us this data? What do you need to be prepared? Make the time to prepare yourself to minimize excessive delays in this process. This is the time to think about and document your business processes and technical infrastructure, if you haven't already.
- A DSP includes roughly 20 to 25 separate areas, depending upon the size and complexity of your business operations. We tailor the number of modules we may use, based upon the initial information we receive from you in questionnaires, etc.
- If you prefer to develop your DSP plan slowly, our individual DSP module products may be right for you. These products allow you to complete your DSP, one section at a time, at a slower pace. Pay attention to the price of each module as they differ based upon the section covered.
- Do you have an INFOSEC program in place, along with your DSP, but just can't do it all yourself? Check out our 'MANAGED SECURITY SUPPORT' product, and let us know what you need. We'll see what we can do to help.
- The discounted price for the ‘DSP COMPLETE PACKAGE’ is only available when purchasing this package: Individual modules are priced uniquely and sold separately, so be sure to review and select the best product that meets your needs. Don’t forget to select the package that contains the correct number of IT devices that your business currently utilizes.
- As you have probably surmised, developing a DSP can require several weeks to reach completion, depending upon the size and complexity of your business operations. Please plan your time accordingly to achieve optimized results.
NOTE: Please remember to keep us fully informed of any email/POC updates to avoid support disruptions.
We've provided multiple products available for purchase. Take your time and decide which package will work best for you. Make sure to reach out and ask key questions BEFORE you buy.
------------------------------------------------------------------------------------------------------------
SECTION IV
PRODUCTS
PLEASE NOTE: ALL PRODUCTS ARE DELIVERED ELECTRONICALLY.
Data Security Plan (DSP) Packages
DATA SECURITY PLAN (DSP) COMPLETE PACKAGE
Purchase this type of package if you're ready and committed to developing the full DSP starting right now.
Our DSP COMPLETE PACKAGE includes the following products:
- ONE FULL YEAR OF OUR DEVELOPMENT SUPPORT, STARTING ONE WEEK AFTER YOUR PURCHASE. Development Support includes answering questions, providing guidance in completing this work, and includes the work we perform on our end to ultimately send you a completed product.
- INFRASTRUCTURE AND BUSINESS OPERATIONS (IBO) DATA QUESTIONNAIRE
- DATA CRITICALITY ASSESSMENT (DCA) QUESTIONNAIRE
- DATA CRITICALITY REPORT (DCR)
- MODULE QUESTIONNAIRES (SENT AND DEVELOPED; ONE MODULE AT A TIME) AKA QUESTIONNAIRE RESPONSE WORKSHEETS
- OUR DSP DEVELOPMENT SUPPORT SERVICES; ONE MODULE AT A TIME
- MODULE INSTRUCTION, SENT ONE AT A TIME (INCLUDED AS EMBEDDED FILE WITHIN SPREADSHEET)
- HELPFUL TIPS (INCLUDED AS EMBEDDED FILE WITHIN SPREADSHEET)
- CHECKLIST, INVENTORY TEMPLATES
- INSTRUCTION WORKSHEETS AND TIPS
- WITHIN THREE WEEKS FOLLOWING THE END OF YOUR PURCHASED SUPPORT TIME, WE DELIVER YOUR FINAL DATA SECURITY PLAN DOCUMENT FOR YOUR SAFEKEEPING. (If you weren't able to send all of your data to us, we'll do what we can to complete portions that were delivered to us. You may also purchase additional support time if needed.)
DSP COMPLETE PACKAGE WORKFLOW PROCESS DESCRIPTION
You purchased our DSP Complete Package: Now what? Here's how our joint working efforts unfold.
PROCESS FLOW
- Once your purchase is confirmed by us, we send you our “MODULE 1 PACKAGE” to get you started.
- Please review the Welcome and Package Instruction worksheets first, and then move to review the other worksheets.
- Open both the Module 1 Instruction and Helpful Tips embedded files and review their contents.
- Review and respond to questions listed in the Questionnaire Response worksheet. Add questions and responses as needed to provide full and accurate details regarding your business operations. Note: Ensure you respond to each question separately for every Work Location Site you currently have, to include storage facilities, work from home, work on the go, etc.
- Review and respond to action items listed in the Checklist. Add or delete tasks as applicable to your business. Use START and DUE DATE columns as a helpful resource.
- Please do not include names or business addresses, or similar. Send us your package, complete with responses, via a non-attributable method.
- Once we receive your return package, the questionnaire responses are reviewed. We may also send you additional questions to clarify answers or fill in missing details. Once finalized, we send you a summary of the information you sent to us (in a format ready for DSP inclusion).
- From here the same process begins again, i.e., we email you the second DSP module questionnaire, and the same process occurs as described above. We work on one module package at a time with you until fully completed, before we begin work on the next module, and so on.
Note: This module question/response method is used continuously, module by module, for developing and finalizing the remaining DSP package parts throughout the supported time period. Let us know what additional questions you may have regarding this process. Time extensions are available for purchase as needed. (We may consider short-term complimentary time extensions for supported products at our discretion.)
- When we get closer to DSP completion, we may contact you for more information as we start the process of connecting the data from the modules together (to ensure we have the full picture of how your systems operate, flow, etc.).
- Once all Modules are completed, and within 3 weeks of purchased time expiration, we deliver the final DSP document with completed module sections integrated.
------------------------------------------------------------------------------------------------------------
INDIVIDUAL MODULES: DATA SECURITY PLAN (DSP) PACKAGES
INDIVIDUAL DSP MODULE PURCHASE
If you need a slower pace, this is the product for you! We've made it easier for you to develop a DSP: We've broken down the 20+ DSP sections into 7 modules, which you can purchase one at a time. We help you to develop the module until completion, for the support timeline duration indicated. When you're ready to complete the next module, simply place a new order.
Our INDIVIDUAL MODULES DSP PURCHASE includes the following products:
- 3 FULL MONTHS OF OUR DEVELOPMENT SUPPORT, STARTING ONE WEEK AFTER YOUR PURCHASE. Development Support includes answering questions, providing guidance in completing this work, and includes the work we perform on our end to ultimately send you a completed product.
- MODULE INSTRUCTION FILE: GUIDES YOU THROUGH THE PROCESS, SO THAT YOU ARE AWARE OF THE INFORMATION WE NEED YOU TO SEND BACK TO US (INCLUDED AS EMBEDDED FILE WITHIN SPREADSHEET)
- HELPFUL TIPS (INCLUDED AS EMBEDDED FILE WITHIN SPREADSHEET)
- ONE DSP MODULE QUESTIONNAIRE RESPONSE WORKSHEET
- CHECKLIST WORKSHEET
- WORKSHEET INSTRUCTIONS AND TIPS
- WITHIN TWO WEEKS FOLLOWING THE END OF YOUR PURCHASED SUPPORT TIME, WE DELIVER YOUR FINAL MODULE DOCUMENT FOR YOUR SAFEKEEPING
NOTE: If you want to upgrade from this separate module product to the Complete DSP package, we will provide you with a generous discount applied to the original purchase price of the complete package, if purchased within 90 days from date of this product purchase. Contact us directly for details.
INDIVIDUAL DSP WORKFLOW PROCESS DESCRIPTION
You purchased our DSP Complete Package: Now what? Here's how our joint working efforts unfold.
PROCESS FLOW
- Once your purchase is confirmed by us, we send you our “MODULE PACKAGE” to get you started.
- Please review the Welcome and Package Instruction worksheets first, and then move to review the other worksheets.
- Open both the Module Instruction and Helpful Tips embedded files and review their contents.
- Review and respond to questions listed in the Questionnaire Response worksheet. Add questions and responses as needed to provide full and accurate details regarding your business operations. Note: Ensure you respond to each question separately for every Work Location Site you currently have, to include storage facilities, work from home, work on the go, etc.
- Review and respond to action items listed in the Checklist. Add or delete tasks as applicable to your business. Use START and DUE DATE columns as a helpful resource.
- Please do not include names or business addresses, or similar. Send us your package, complete with responses, via a non-attributable method.
- Once we receive your return package, the questionnaire responses are reviewed. We may also send you additional questions to clarify answers or fill in missing details. Once finalized, we send you a summary of the information you sent to us (in a format ready for DSP inclusion).
When you’re ready to purchase the next Module, the same process as above is repeated.
------------------------------------------------------------------------------------------------------------
INFOSEC POLICY SET DEVELOPMENT COLLECTION
INFOSEC POLICY PACKAGE (SET OF 5)
If you need policies, this is the package for you! This is a supported product.
This package includes the following products:
- 6 FULL MONTHS OF OUR DEVELOPMENT SUPPORT, WITH EFFECTIVE DATE STARTING ONE WEEK AFTER YOUR PURCHASE
- 5 SEPARATE TOPIC QUESTIONNAIRES (These are delivered one at a time; as each topic is completed.)
- 5 Policy documents delivered one at a time (See workflow below.)
POLICY DEVELOPMENT WORKFLOW DESCRIPTION
- The first Questionnaire package is sent to you following confirmation of your purchase in addition to our mutual agreement regarding the policies to be developed. Please review the Package, respond to the questions fully, and return to us. Once you return the first questionnaire, we begin work on the corresponding policy document. We may have follow-up questions with you to ensure we have the necessary data needed to compile the policy.
- Once the policy is complete, we send the completed product to you, along with the 2nd Questionnaire package, and we follow the same process again. This workflow is continued until the last policy is delivered to you, or development support time runs out.
If development support time expires, you have the option of purchasing more time, or we will compile the data we have from you and apply a best effort approach to provide you with whatever completed products we can, based upon your information. This final documentation is delivered within 3 weeks of the support time expiration date.
---------------------------------------------------------------------------------------------------------
INFOSEC POLICY PACKAGE (SET OF 10)
If you need policies, this is the package for you! This is a supported product.
This package includes the following products:
- 1 FULL YEAR OF OUR DEVELOPMENT SUPPORT, WITH EFFECTIVE DATE STARTING ONE WEEK AFTER YOUR PURCHASE
- 10 SEPARATE TOPIC QUESTIONNAIRES (These are delivered one at a time; as each topic is completed.)
- 10 Policy documents delivered one at a time (See workflow below.)
POLICY DEVELOPMENT WORKFLOW DESCRIPTION
- The first Questionnaire package is sent to you following confirmation of your purchase in addition to our mutual agreement regarding the policies to be developed. Please review the Package, respond to the questions fully, and return to us. Once you return the first questionnaire, we begin work on the corresponding policy document. We may have follow-up questions with you to ensure we have the necessary data needed to compile the policy.
- Once the policy is complete, we send the completed product to you, along with the 2nd Questionnaire package, and we follow the same process again. This workflow is continued until the last policy is delivered to you, or development support time runs out.
If development support time expires, you have the option of purchasing more time, or we will compile the data we have from you and apply a best effort approach to provide you with whatever completed products we can, based upon your information. This final documentation is delivered within 3 weeks of the support time expiration date.
-----------------------------------------------------------------------------------------------------------
INFOSEC TRAINING & RESEARCH COLLECTION
Please select the product that best works for you. We also offer a research product, where we tailor INFOSEC research activities to your needs. See product descriptions for more information.
INFOSEC AWARENESS TRAINING: 3 MONTHS
This product includes the following:
One email, delivered to the email address on file, on a weekly basis for 3 months, for a total of 12 emails regardless of calendar year.
Each of these emails consists of 1 to 3 Security Awareness topics (1 to 3 pages max) for each week. We purposely keep the topics to a minimum in order to help employees retain the data better.
TRAINING WORKFLOW PROCESS DESCRIPTION
The first Awareness Training Email product is sent to you following confirmation of your purchase. After this initial delivery, subsequent Awareness Training Email products are delivered, one time per week (may be sent on different days), until 12 Awareness Training Email products are delivered.
------------------------------------------------------------------------------------------------------------
INFOSEC AWARENESS TRAINING: 6 MONTHS
This product includes the following:
One email, delivered to the email address provided by you, on a weekly basis for 6 months, for a total of 24 emails regardless of calendar year.
Each of these emails consists of 1 to 3 Security Awareness topics (1 to 3 pages max) for each week. We purposely keep the topics to a minimum in order to help employees retain the data better.
TRAINING WORKFLOW PROCESS DESCRIPTION
The first Awareness Training Email product is sent to you following confirmation of your purchase. After this initial delivery, subsequent Awareness Training Email products are delivered, one time per week (may be sent on different days), until 12 Awareness Training Email products are delivered.
------------------------------------------------------------------------------------------------------------
INFOSEC RESEARCH OR TRAINING: SPECIALTY SERVICE
Custom research/general training product is tailored to your needs. Share your needs or ideas with us. Contact us today. Hourly rates, plus retainer apply.
Assessments
This package includes our assessment, plus the following products:
- DCA QUESTIONNAIRE
- DATA CRITICALITY REPORT (DCR)
ASSESSMENT WORKFLOW DESCRIPTION
DCA QUESTIONNAIRE: This document is sent to you following confirmation of your purchase. We need you to respond fully to the questions contained therein and then return to us.
We review your completed questionnaire, send additional questions as needed, and then analyze your responses.
DATA CRITICALITY REPORT (DCR): Your Data Criticality Report (DCR) is then drafted, finalized and delivered to you. This is generally a 1 to 3 page report that summarizes your data types and presents the data criticality rating designated for the information used within your business.
TIP: Hold onto this report as it is a very important record that shows the types of information in use within your business operations, and also provides you with a data criticality rating that you will use in building your Information Security (INFOSEC) program.
------------------------------------------------------------------------------------------------------------
This product includes our assessment, plus the following products:
- QUESTIONNAIRE PACKAGE
- ASSESSMENT REPORT
INFOSEC Program Assessment: We normally require your business to have a current Data Security Plan (DSP), before performing this assessment, in order to keep prices affordable for you; however, we can certainly accommodate needs you may have. We charge a retainer with minimum estimated cost for this service. Contact us today with your questions.
ASSESSMENT WORKFLOW DESCRIPTION:
Following purchase confirmation, we invite you to send your DSP to us. We review your DSP and send additional questions as needed. Once we have full confirmation of all details we are looking for, we analyze the data you've presented to us. When our analysis is complete, we send you a detailed report presenting our view of the overall security status of your program, along with improvement suggestions for your consideration. This process is generally completed within a month, but the completion timeline also depends upon the level of detail included with the DSP, your responsiveness, and the complexity of your business operations.
------------------------------------------------------------------------------------------------------------
MANAGED SECURITY SUPPORT SERVICES
CUSTOMIZED SERVICE FOR YOU
Too busy to manage critical portions of your security program? We can help. Contact us today and share your needs. We'll see how we may assist. You have nothing to lose by asking. Hourly rate with retainer applies here. Rate is based on activity.
------------------------------------------------------------------------------------------------------------
SECTION V
ADDITIONAL INFORMATION
HOW WILL OUR PRODUCTS HELP YOUR BUSINESS?
- We help you to build a quality, comprehensive INFOSEC program aligned with the same security standards the government uses for its own programs.
- We help you to learn what you need to know to survive legislative requirements being imposed on your business or institution.
- We help you to stand up and develop confidence in your ability to manage security needs of your business; with or without our support.
- Purchasing our products makes it easier for you to achieve legislative INFOSEC compliance, because we arm you with important, relevant knowledge, and guide you in the process.
- Many businesses are required to have a written INFOSEC program, which includes the Data Security Plan (DSP). Completing this work may bring you into compliance with legislative acts, such as the Gramm Leach Bliley Act (GLBA).
- INFOSEC is a program, requiring active management. If you don't have the time, we can help. We offer management support as well.
- Better protect your business and clients' data through improved data management procedures.
- Enhance the security protection of your business operations by learning more through us.
- Increase your vigilance and focus
- Reduce your visibility as a target for data breaches
- Our prices are reasonable.
- We constantly look for ways to improve: Your business gains the outcome of these efforts.
WHAT DO YOU NEED?
- Worried about meeting compliance requirements, but short on time? We can help!
- Worried about what you don't know: Work with us to increase your INFOSEC knowledge.
- Afraid of being audited? We understand. Government audits are increasing.
- Feel embarrassed or nervous about sharing your security weaknesses with us? No problem! Buy from us anonymously, or individually. (We prefer that you not share location addresses or names with us, as an additional layer of protection for you.)
- Want to improve the security posture of your business, but don't know how? Act now! We are the leverage that you need! We are that critical tool in your toolbox that can improve your status, and our prices are reasonable.
Stop worrying and ACT today!
Let us help you, to better defend yourself. We're here to help. Protect your business, protect your clients. We are the leverage you need.
------------------------------------------------------------------------------------------------------------
SECTION VI
GLOSSARY
Data Criticality Assessment (DCA): An assessment we perform for you, primarily based on the DCA Questionnaire responses we receive from you. Your responses are analyzed, and a summary determination is compiled into the Data Criticality Report (DCR).
Data Criticality Assessment (DCA) Questionnaire: A questionnaire we send to you that we use in conducting the DCA. The output of this assessment is the DCR.
Data Criticality Report (DCR): This is a very brief summarized report (one page or less) identifying selected data criticality levels. This product represents an analysis of the data you are required to protect and includes guidance regarding data protection requirements. Our criticality rating determines which protection options are necessary for you to effectively manage risk and guard against data losses.
Data Security Plan (DSP) Complete Package Purchase (a module by module approach): DSP templates are ultimately tailored to your industry and business environment, broken down into individual modules, where module questionnaires are sent to you one at a time, and completed one at a time. See product workflow process description for additional details. NOTE: Module completion is heavily dependent upon your timely submission of module questionnaire responses, and requires diligent, consistent effort.
DSP Support: We provide assistance in receiving, reviewing, analyzing, translating, and converting your raw data into usable INFOSEC form and compiling it into a DSP format for your usage, per the support timeline duration indicated in your Product Description section. Our scope excludes service desk-like activities, though we ensure you receive answers to questions you may send to us.
Helpful Tips (included with each module whether purchased individually or within a supported package): We include a Helpful Tips document with each module we send as a supplement to help provide you with additional information resources through this process.
Infrastructure and Business Operations (IBO) questionnaire: A questionnaire designed to give us an initial glimpse of what your business operations look like from scope, size, and complexity vantage points.
IT Devices: IT computing devices, including desktop, laptop, smart phone, tablet, iPad, and any similar computing devices.
Raw Data/Data: This is your unique data that you send to us in the form of questionnaires, emails, and other forms of communication as the need may arise. This information is used to develop DSP modules.
Work Location Site: Anywhere your business operations or work is performed. If you or your employees are working whilst constantly traveling, describe that environment as you would a stationary office.
Protect your business, protect your clients.
We are the leverage you need.
We're here to help.
TAI, Inc.©
2020 © DataSecurityPlan.Com. All Rights Reserved.