Writing IT Security Policy?

Everyone knows they should have a solid set of IT security policies, but what exactly does that mean? To start, every company should have, at minimum, a basic IT policy set that can be easily followed and consistently governed. A draconian policy set that no one can understand or follow defeats the purpose and does nothing for anyone. Keep your policy set focused and to the point so that employees understand the policy objectives and the requirements they need to abide by, and can attest to and follow them.

Your company’s IT policy set should include the following policies, at minimum: password policy, access authorization, data backup plan, risk management, employee acceptable use, information security policy, network security policy, disaster recovery plan, business continuity plan, and HR onboarding and termination. Of course, any company should add any additional policies necessary to support its operations and security objectives. These policies should be reviewed annually, at the very minimum, and updated to reflect any changes to the business or infrastructure that arose during that review period.

It’s very common in today’s world for a customer or prospect to ask for a copy or proof of your IT security policies. Keeping your IT policy set regularly updated and governed is the goal for maintaining an optimal security posture and operations.

If your company needs any assistance with developing or auditing your IT policy set, please contact Adsero Security for a free consultation.
