IT Policy

IT policy is the set of rules and guidelines that describes how an organization handles certain situations and what the solution and security approach is. An information technology policy should fulfill many purposes, such as protecting people and information, setting rules for expected employee behavior, authorizing security personnel to monitor, defining and authorizing the consequences of violations, and helping minimize risk (SANS Institute, 2007).

 

 

Information Management IT Policy (Bowman, 2009)

 

Information management IT policy is a management process that governs accountability for the structure and design, storage, movement, security, quality, delivery and usage of information required for management and business intelligence purposes.

 

 

A good information management IT policy includes:

 

  • Purpose lets everyone know what the policy covers;

 

  • Effective date specifies the date the policy started;

 

  • Application lets everyone know who is expected to follow the policy (the policy may not apply to everyone in the organization);

 

  • Background or context provides more information as to why the policy is needed. Depending on the organization, this could discuss things like "risks addressed";

 

  • Definitions provide clearer definitions for any terms and concepts found in the policy;

 

  • Related policies and related standards, if any;

 

  • Policy objectives should list specific objectives and expected results; in other words, what the company hopes to achieve with this policy. Policy statements are written in terms such as "customer services shall accept all customer returns, without question, within thirty days of the original purchase";

 

  • Accountability should specify the specific responsibilities of people concerned with the policy;

 

  • Consequences should specify what will happen if the policy is not followed. This could spell out disciplinary actions for failure to adhere to the policy;

 

  • Review cycle specifies how frequently the policy will be reviewed.

 

 

 

Enterprise Risk management advantage (enterprise risk management, 2014)  

 

  • Establish information security policies and procedures positioned towards specific information security goals that support your business objectives.

 

  • Review and improve existing policies and information security implementation plans and procedures.

 

  • Refine and update policies and procedures to ensure that they continue to meet business objectives and also conform to regulatory compliance norms (federal, state and industry).

 

  • Follow up on a periodic basis to ensure that information security policies and plans are being implemented and enforced.

 

  • Train your staff to increase awareness of the importance of IT security and what is required.

© 2014 by Ditsakarn Punyapab
