The benefits of IT policies and procedures are that it
-
- shows that management take these matters seriously
- helps staff to take appropriate actions to manage IT risks effectively
- helps management take suitable disciplinary or legal action if wrong-doing has occurred in relation to the use of company IT systems.
Here are some policies and procedures you might expect in an organisation;
- Acceptable use (incl email)
- Electronic connectivity
- Monitoring and control
- Software (including system development)
- Retention
- ISMS
- IS security (includes a number of other elements such as cryptography, computer forensics, access control, clear desk
and third party)
- Business Continuity
All policies should be owned by an individual within the organisation. They are responsible for
- writing the policy
- making updates &
- communicating updates
It is generally best policy to ensure that policies are updated regularly (usually at least annually) and that users of the policy provide written confirmation to confirm they have read and understood policy updates when they happen.
These policies and procedures can be backed up with terms and conditions to employment.
