This report records the result of an evaluation of data security policies and procedures at an organization. The purpose of this report is to illustrate: a report format that can be used to communicate the status of company policies, and also to present recommendations for policy changes to management, including details of specific policy and procedure findings and gaps; data security policy issues and practices that could be incorporated into your own review including: intellectual property rights and data privacy.

For each possible policy or procedure issue, the tables included identify the item, the current policy (if any) regarding the item, and possible recommendations regarding policy changes.