Policy Writing (Possibly Off-Topic)

Hello all,

In the wake of SOx compliance, I’m now in the position of having to generate or advance some security policy work in areas that I’ve never investigated before (O/S Build Standard, Application/System Development, 3rd Party System Development). While I understand that this list is more on the operational side of things, I was hoping that someone (or a few) have had some exposure to the policies I’ve listed above and my be able to point me in the correct (passing an audit) direction.

Many thanks in advance,

Michael Cullen

Sr. Security Engineer

Universal Music Group

(818) 777-4049