POLICIES & PROCEDURES
“Never attribute to malice that which can be adequately explained by incompetence.” – Hanlon’s Razor
How are you and your employee’s maintaining cybersecurity and handling company data? Your Policies & Procedures should clearly spell out security protocols based on a Framework of Identify, Detect, Protect, Respond, and Recover.
WHAT ARE IT POLICIES?
IT policies identify the rules and parameters for all individuals accessing and using business IT resources and assets. It also should guide your employees on the acceptable practices and standards permitted in the workplace while using these assets. The objective of an IT security policy is the preservation of confidentiality, integrity, and availability of systems and information used by an organization’s members.
Policy = The list of rules, or framework, that govern the process
What Are IT Procedures?
Procedures, on the other hand, explain the “how” of your plan of action for implementing a policy. Because IT procedures are needed to maintain consistent operations within an organization, your procedures should outline step-by-step instructions that are clear, direct, and identify specific actions. This should include when actions should take place, alternative actions, how your business will respond to breaches or incidents, etc.
Procedure = A series of steps to achieve a consistent result (output).
Benefits of a Well Written P&P Manual
- Improves business response plans. Helps you be prepared and more efficient in the event of a crisis, taking the guesswork out of what to do if there is a breach.
- Limits the risk of data breaches. Your rulebook regarding the IT systems used and how employees must use them.
- Provides clear methods to resolve problems, including incident response.
- Increases employee compliance. Provides a communicated business expectation of employee behavior.
- Details security requirements to protect against threats.
- Protects restricted data.
- Improves communication and transparency
- Allows staff to know and understand expectations.
- Provides a framework for monitoring and measuring compliance
Example of IT Policy & Procedure Needs for the Modern Workforce
-
Telecommuting/Remote Work
-
Remote Access
-
Confidentiality
-
Drug and Alcohol Use
-
Disaster and Severe Weather
-
Internet, Email And Social Media Usage
-
BYOD – Bring Your Own Device
-
Video Conference Etiquette
-
Mobile Phone Usage
-
Home usage of Company Owned Equipment
-
Business Ability to Monitor