ANA Cyber Information Security Policy Review is a consulting service that reviews and develops information security policies for organizations. The service addresses security concerns related to confidentiality, data integrity, and availability of information assets. The service includes three main offerings: IT policy definition, business process audits, and security baseline reviews. IT policy definition involves drafting cybersecurity policies based on various laws, guidelines, and standards including ISO 27001:2022, GDPR, TISAX, SOC Type 1, SOC Type 2, PIMS, and HIPAA. Business process audits examine organizational processes to identify risks, verify controls, and provide recommendations for improvements. Security baseline reviews assess endpoint security configurations including password security, malware control, automatic updates, and patch management. The service is delivered by certified professionals holding credentials such as PMP, CISSP, CISA, ISO 27001:2022 LA, CEH, CHFI, ECSA, CNSS, and US-CERT OPSEC. The company maintains ISO 27001:2022 certification and signs NDAs with employees working on client projects to ensure confidentiality.