Every organization has different sets of policies, standards, guidelines and other documents. To begin customization, you should ask for a list of all information security governance documents and determine which ones might apply to SD Elements content.
If you’re unsure of which documents will apply to SD Elements in an organization, you should at least ask to review the following or their equivalents:
- Acceptable Encryption Policy
- Password Construction Guidelines
- Password Protection Policy
- Information Logging Standard
- Server Security Standard (particularly application servers)
- Web Application Security Policy
- Mobile App Security Policy
- Network/infrastructure Security Policy
- Secure Programming Guidelines
- Single Sign On Policy / Standard or Identity and Access Management Policy / Standard
- Patch Management Policy / Standard, particularly as it relates to third party libraries in software
- Data Privacy Standard
You can then try to map SD Elements tasks to the documents to see which ones need customization. As a first step to assist in mapping, you can review the Frequently Customized Tasks (see How To Create Custom Content).