There are various type of IT policy compliance can be introduced. IT Policies or ICT policies can be broken down into categories of policies, for example:
- IT Governance, Risk and Compliance (IT GRC) policies, like a compliance policy.
- Project and Change Management policies.
- IT Goods or Services Acquisition policies.
- Availability management policies, like disaster recovery (DR), business continuity (BC).
- Acceptable Use policies, like an email usage policy or computer usage policy.
- Information Security policies focus on managing and protecting and preserving information (including personal information) belonging to the organisation, which is generated by those employees in the course and scope of their employment.
- Information Management policies focus on managing data such as its retention and destruction.
There is an overlap between HR policies and IT policies to the extent that the “human factor” is common to both of them and both therefore cover issues involved in the employer and employee relationship.
Issue and audience
There are two key questions relating to any policy:
- What is the issue to be addressed?
- Who is the intended audience? Who must comply with the policy?
Some Issue-specific IT policies
There are many essential issue-specific policies. We can help you to draft or review these.
- Access control
- Acceptable Use of IT
- Use of Software
- Protection from Malicious Software
- Bring your own device (BYOD) or personally owned devices
- Email use
- Technology or device management (like laptops, cell phones, or cameras)
- Mobile technology
- Monitoring or interception of communications
- Physical and environmental security
- User accounts and passwords
- Backing up of information
- Digitization (or document imaging) policies
- Email archiving policies
- Electronic signature guidelines
Combined IT Policy
We advocate an approach which clearly differentiates between issue-specific, operational policies, standards and procedures, each of which should be set forth in separate documents. However, certain clients specifically want one policy that covers several areas of acceptable use that we normally cover in separate policies.
Characteristics of good Policies
They should be:
- short and to the point
- in plain and understandable language
- well structured
- in accordance with and inline with the latest laws and rules
- clear on what is permitted and what is not
- specific, relevant and applicable to the target audience
Feel free to contact E-SPIN for the solution for your system and operation to reduce risk of your businesses and organization. We can secure and protect your businesses with our various software security technology, as well as IT policy compliance solution.