Policy Excellence in Six Steps - Slide 2


It is important to understand, when creating policies, that those created purely to satisfy auditors and regulatory bodies are unlikely to improve business performance or bring about policy compliance, as they rarely change employee behavior appropriately. Lengthy policy documents full of technical and legal jargon may be satisfying to legal departments and look impressive to auditors and regulators, but busy employees will instantly be turned off by them.

External factors that affect policies are evolving all the time. For example, technology advances may lead to information security policies and procedures becoming obsolete. Additionally, changes in the law or industry regulations require operational policies to be frequently adjusted. Some policies, such as Payment Card Industry DSS compliance, have to be re-presented and signed up to on an annual basis.

Typically, most "policy" documents are lengthy, onerous and largely unreadable – many are written using complex jargon, and most contain extraneous content that would be better classed as procedures, standards, guidelines and forms. Such documents should be associated with the policy. Documents must be written using language that is appropriate for the target audience and should spell out the consequences of non-compliance. Smaller, more manageable documents are easier for an organization to review and update, whilst also being more palatable for the intended recipients. Inadequate version control and high production costs can be reduced by automating the entire process using an electronic system.

Striking the right balance between risk mitigation and the commercial demands of the business is an essential skill, which must be adapted according to the nature of your industry and the size, culture and risk appetite of your organization. This role needs to have clear ownership at senior management level.

Organizations need to take a systematic and proactive approach to risk mitigation if they are to be better prepared to satisfy evolving legal and regulatory requirements, manage the costs of compliance and realize competitive advantage.

Achieving and maintaining policy compliance becomes more difficult as organizations grow and become more geographically dispersed and more highly regulated. But it doesn’t have to be this way.

Policies and procedures establish guidelines for behavior and business processes in accordance with an organization’s strategic objectives. While typically developed in response to legal and regulatory requirements, their primary purpose should be to convey accumulated wisdom on how best to get things done in a risk-free, efficient and compliant way.

Those organizations that are serious about staff reading, understanding and signing up to policies should consider adopting automated policy management software. This raises standards of policy compliance and provides managers with practical tools to improve policy uptake and adherence.

This slideshow features six secrets for effective policy management, as identified by Cryptzone.
