Specialized Services - FISMA

Specialized Services - FISMA For Federal Government Agencies, Healthcare and Banking industries

"The Federal Information Security Management Act (FISMA) requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source."

National Institute of Standards and Technology
http://csrc.nist.gov/groups/SMA/fisma/overview.html

 

We help federal agencies comply with FISMA by evaluating an agency's current IT security policy and providing oversight to help ensure it is in compliance with FISMA before it is audited.

If a federal agency is audited and found not to be in compliance, it could lose its federal funding to operate.

FISMA compliance is also used in the banking and healthcare industries because of its stringent requirements.

IT Greenway has templates to help create a working IT policy before you are audited, and we also offer disaster recovery plans.

 

 

The National Institute of Standards and Technology also states:

"An effective information security program should include:

  • Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization
  • Policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system
  • Subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate
  • Security awareness training to inform personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks
  • Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually
  • A process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization
  • Procedures for detecting, reporting, and responding to security incidents
  • Plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the organization.
(...)

In support of and reinforcing this legislation, the Office of Management and Budget (OMB) through Circular A-130, Appendix III, Security of Federal Automated Information Resources, requires executive agencies within the federal government to:
  • Plan for security
  • Ensure that appropriate officials are assigned security responsibility
  • Periodically review the security controls in their information systems
  • Authorize system processing prior to operations and, periodically, thereafter"
http://csrc.nist.gov/groups/SMA/fisma/overview.html



More information:

NIST's FISMA homepage

Wikipedia on FISMA, for quick information

Full text of FISMA in PDF format
 


Contact

IT Greenway

9550 Somerset Pike
Suite 100
Somerset, PA 15501
Phone: 1-888-302-1118
Fax: 1-888-334-3374