close

What Is Truth to Power?

[+] A research and advisory resource...

dedicated to bridging the gaps between governance and practice, technology and business, regulation and control, risk management and real market pressures, and your own knowledge and the knowledge of your peers.

[+] An open forum and community...

built to create a common pool of knowledge—one big brain—that lets you work more efficiently, build technology and business practices more effectively, and endure audits more effortlessly.

[+] A plexus nexus...

a neutral hub through which you can reach many valuable information nodes, resource collections, and organizations that are helping people like you already, but in fractured ways.

[+] A rebellion...

against the idea that auditors, analysts, and consultancies can control information simply through their ability to collect and distill it. T2P's goal is to unlock the vast body of knowledge, insight, and conventional wisdom that we all have, make it freely available to you, and help you digest and interpret it—without undue cost, bias, or hype.

Top Panel
WHAT IS T2P?
Top Panel
Open IT Policy Templates

The Open IT Policy Project is a community-vetted knowledgebase built by and for professionals in IT, compliance, audit, legal, and other business roles responsible for defining, distributing, aligning, and/or enforcing corporate policies related to information management.

Open IT Policy Templates are free community resource, designed to provided well-structured policy models. Everyone can view the templates, and T2P members may also edit templates and add new ones.

The value of this project depends on people like you to take just a little time to improve one or two things at a time. You don't have to be an “expert”: just say what you know. Please pitch in. Got policies? Add them to the project. Know a good policy when you see one? Please help improving the existing templates.

We hope you'll contribute and benefit from these documents.
Title Filter     Display # 
# Article Title
1 Acceptable Use, Administrative or Special Access (Policy)
2 Acceptable Use, Email (Policy)
3 Acceptable Use, Internet (Policy)
4 Acceptable Use, Virtual Private Network (VPN) (Policy)
5 Access Controls, Account (Policy)
6 Account Management (Policy)
7 Add a Policy Template
8 Agreement to Protect Sensitive Data (Form)
9 Change Management (Policy)
10 Computer Virus Prevention (Policy)
11 Contingency Planning (Policy)
12 Data Backup and Storage (Policy)
13 Data Marking, Handling, Processing, Storage, and Disposal (Policy)
14 Deferral of System Security Certification or Accreditation, Annual (Form)
15 General Information Security Management (Procedure)
16 Green Computing (Policy)
17 Incident Response (Policy)
18 Intrusion Detection (Policy)
19 Logging and Audit Trails (Policy)
20 Mobile Computing and Network Access (Policy)
21 Network Access (Policy)
22 Network Access Controls (Standard)
23 Network Configuration (Policy)
24 Network Data Privacy (Policy)
25 Password Management (Policy)
26 Personnel Security (Policy)
27 Physical Security (Policy)
28 Policy Application Checklist (Administrative Utility)
29 Secure Media and Data Handling (Procedure)
30 Secure Software Development Lifecycle (Standard)
31 Social Computing and Networking (Policy)
32 Software and Hardware Security Controls (Policy)
33 Spam and Unsolicited Commercial Email Prohibition (Policy)
34 System Security Certification/Accreditation, Annual (Form)
35 System Security Certification/Accreditation, Annual (Policy)
36 Telecommuting Agreement, Employee (Form)
37 Welcome to the Open IT Policy Project
 

T2P RECOMMENDS:

AuditNet logo
AuditNet is an online portal for auditors. Created and run by the venerable Jim Kaplan, the organization's mission is to develop a complete "utility" for audit-related information, products, and services.

T2P RECOMMENDS:

The BeyeNETWORK provides resources and professional community support for business intelligence, performance management, data warehousing, data integration and data quality.

T2P RECOMMENDS:

IIA Logo

The Institute of Internal Auditors (IIA) is a powerful research and guidance organization focusing on audit principles and processes for business and IT functions. IIA guidance related to information control includes the Global Technology Audit Guide (GTAG) series and the Guide to the Assessment of IT Risk (GAIT) series.