Policy Packs

Policy Packs: The compliance toolkit designed for MSPs

Audit-ready, foolproof, and industry-tailored — check, check, and check. Meet our Policy Packs. These collections of documents outline the policies and procedures your clients need to guide actions and decisions. Covering key topics such as ethics, security, compliance, and privacy, the Policy Packs leverage documentation as code, guaranteeing documents are up-to-date, version-controlled, and easily editable. With controls built into the setup, you can rest assured every required step is actually performed. Whether your clients operate in healthcare, defense, CMMC, finance, or another industry, the packs can be tailored to meet their needs. As a final touch, each pack features pointed “how to’s” because you deserve to feel the impact of our two decades of expertise.

Every document, ready for auditors.

Become a Compliance Scorecard Plus member and start taking advantage of our Policy Packs.

Learn More

The HIPAA Pack

The HIPAA Pack equips you with all the essential policies and standard operating procedures (SOPs) you need to comply with the Health Insurance Portability and Accountability Act (HIPAA). This comprehensive toolkit helps you safeguard protected health information (PHI) by outlining clear guidelines for handling patient data securely, protecting privacy rights, and more.

What's included

Documents in this pack.

With the HIPAA Policy Pack, you get:

Privacy Policy: Outlines how PHI is collected, used, disclosed, and safeguarded.
Security Policy: Specifies the safeguards in place to protect PHI from unauthorized access, use, or disclosure.
Risk Analysis and Management Policy: Describes how risks to PHI are identified and managed.
Breach Notification Policy: Specifies how breaches of PHI are reported and managed.
Contingency Planning Policy: Outlines how PHI is backed up, how PHI is accessed in emergency situations, and how systems are restored after an outage.
Employee Training and Awareness Policy: Outlines the training and awareness program for employees on HIPAA rules and regulations.
Business Associate Agreement Policy: Outlines the requirements and responsibilities for third-party vendors and contractors who handle PHI.
Access Controls Policy: Describes the controls in place to limit access to PHI to authorized individuals.
Incident Response Policy: Outlines how incidents involving PHI are detected, assessed, and managed.
Audit Controls Policy: Describes the auditing process to ensure compliance with HIPAA regulations.

FTC Safeguard Pack

The FTC Policy Pack provides a clear roadmap for your employees and contractors. This collection of documents outlines the specific behaviors and decisions necessary to comply with Federal Trade Commission (FTC) rules and regulations.

What's included

Documents in this pack

Written Information Security Policy (WISP) considering the following:

Access Control Policy and Procedures: Specifies controls for limiting access to systems and data.
Authentication and Authorization Policy and Procedures: Outlines how users are identified and authorized to access resources.
Change Management Policy and Procedures: Specifies how changes to systems and data are managed and controlled.
System Monitoring and Auditing Policy and Procedures: Describes how system activity is monitored and audited.
Privacy and Confidentiality Policy: Outlines how personal information is protected and used.
Security Risk Assessments Policy and Procedures: Describes how risks to personal information are identified and managed.
Acceptable Use Policy: Outlines acceptable use of company systems and data by employees.
Security Awareness Training Policy: Describes the requirements for employee security training and awareness.
Data Governance Policy and Procedures: Outlines how data is collected, stored, processed, and used.
Incident Response Plan: Outlines the steps to be taken in the event of a security incident or breach.

NIST CSF PACK

The NIST CSF Pack (National Institute of Standards) features a collection of policies, procedures, and guidelines that can be used to implement and maintain a compliance program.

What's included