Are your policies fit for purpose?
Some discussions we had at a recent industry event highlighted how organisations still struggle to draft and deliver policies that are fit for purpose. Three people we met from 3 different organisations stated they had IT polices currently in circulation that are approximately 10 years old. In a separate discussion, someone in an IT Operations role outlined how they had recently overseen the implementation of Microsoft Teams and were advised that an existing Instant Messaging Policy would be used to provide guidance on its usage. Needless to say, we had some good advice for these folks, and for anyone else that finds themselves in a similar situation.
What makes IT policies fit for purpose?
- They must be written in a format that is easy to read and understand.
- The wording applied should be at a high level and should not contain any process or procedural details.
- Policies should remain current and up to date by regularly reviewing them.
- Cross referencing policies for alignment to relevant best practice guidance or internationally recognised standards should be easy to do.
Most of the organisations we assist acknowledge that no team member has ever rushed forward to take on responsibility for this area of work. There’s a myriad of possible explanations as to why no one wants to take on this job however, the most common one is that writing policies is challenging and requires a significant investment of time from the project owner and stakeholders in order to make headway.
Nothing stands still
With an ever-changing technology landscape it’s crucial to provide the right level of guidance to users. More frequently they are working remotely and are using mobile or portable devices to access cloud-based applications. Having the right level of policies in place to reinforce what is deemed “good behaviour” when using organisational technology (devices or systems) and data is more important than ever.
Good content and engagement makes for a great outcome
Policy Management as a Service (PMaaS) is designed to address the challenges outlined above, and drive user engagement with the policy content, ultimately helping to develop that good behaviour.
With a library of over 800 best practice statements, PMaaS makes the development, delivery and maintenance of policies easy. Review dates can be set and managed. The work to align policy content with relevant best practice guidance or internationally recognised standards is already done by our experts, and is visible to you on screen.
Driving and managing user engagement with the content is made possible using a range of functions. Examples being –
- Stakeholder mode - an online collaboration tool used to comment on statement wording during the initial policy drafting or when doing policy reviews.
- Onscreen policy acceptance mode for users makes the reading and acceptance process very easy and efficient.
- Reporting on both active and inactive PMaaS users provides a means to understand which users need a reminder and encouragement to review content.
Click Here view an overview of the service.
Click Here to hear what our clients say about the service.
Contact us to book a walkthrough of Policy Management as a Service.
When was the last time you tested your incident response plan? >