New additions and enhancements being delivered in Version 19 are:
- Mapping of policy content to align with the Cyber Essential Plus requirements.
- A new introductory video is incorporated in the IT Policy System which covers the importance of IT Policies and a walk through of the system.
- Glossary of terms updated.
- The regulatory framework tables on the Home page have been updated to more closely reflect regional jurisdictions and requirements.
If you would like to discuss anything about this new release of the IT Policy System and/or the upgrade process, feel free to contact Steve Macmillan. All existing Policy Management as a Service customers will be supplied with an upgrade during November.
View our new IT Policy System walkthrough video – The Importance of IT Policies Video
Developing, delivering and maintaining IT Policies – what are the common challenges?
In our history we have captured lots of feedback as to how councils deal with developing, delivering and maintaining suitable policy content for their organisation. The 3 most common challenges we hear about are:
CIO’s and IT Managers understand the importance and associated risks of not having established comprehensive and up-to-date IT policies that all users of corporate information and systems can access. However, it’s a challenge to raise the profile of policy management across the Executive team and attain the right level of priority, attention and investment required for effective implementation.
Canvassing Executive sponsorship should incorporate discussion around risk and the value of establishing comprehensive IT policies that are relevant and tailored to an organisation.
When done correctly IT policy management can be part of an enabling culture for the workforce, and is as much about protecting people, as well at the information assets of any organisation.
Limited or no subject matter knowledge on tap
The Executive team agrees that IT policy management needs to be given some attention – what next?
Typically, someone within the organisation is selected to do this work and has limited knowledge of standards (ISO, PCI etc) and legislation (GDPR, DPA etc) having spent little or no time previously developing policies. Whilst the exercise does get underway it progresses slowly as it is a learning exercise for the individual selected. The resulting output is often not well worded, easy to read or understand. Policy statements may contain process and procedural content, and cross referencing to standards is minimal.
Some customers endeavour to put in place a knowledge share and transfer plan in the event their nominated expert is no longer available to maintain their policies. Unfortunately policy work often gets shelved when the current expert moves on as there is no handover or continuity in this area.
Not enough time
IT policy management requires focus, expert knowledge and considerable time allocated to its development and ongoing maintenance.
Often there is a catalyst that triggers an exercise to update or establish new IT policies. A catalyst can be a security incident, risk of fines resulting from a breach or a pending compliance and governance audit.
A “Big Bang” approach is often applied to get the job concluded, however the exercise can very quickly get side lined due to competing priorities, the departure of the policy expert, or an underestimation of how long it will take to complete development or overhaul of the policies.
A solution? – Request an IT Policy Management cost calculation
Partnering with a specialist IT policy organisation could reduce your investment in developing, delivering and maintaining policies by as much as 70%.
Having access to subject matter expertise to work with your stakeholders, people who are used to writing well worded policies and also keep an eye on standards and legislation, means you can alleviate your team members from the burden of doing this work.
You can create a quick win in this area and do so cost effectively.
If you would like to arrange a discussion or demonstration to understand how our Policy Management as a Service offering has made the delivery, development and maintenance of IT Policies easy and cost effective then please contact Steve Macmillan.