Getting the foundations right for an ICT Shared Services model means IT Policies need to be addressed early so that the partners and users of the shared systems ensure the appropriate levels of information security are in place to keep corporate information safe. Policies address the requirement to protect information from disclosure, unauthorised access, loss, corruption and interference and are relevant to information in both electronic and physical formats.
Typically we see a working group is formed to develop a draft model ICT Security Policy for use by the partnering organisations. However this can be time consuming and challenging as different partners may have differing views on what is appropriate, based on their previous governance culture. Juggling day to day priorities may see them struggling to stay engaged in the modelling exercise and the level or quality of input from partners is therefore likely to vary.
The ideal outcome should be that the working group ultimately delivers a comprehensive set of well defined policies. Having well defined policies and procedures that can be communicated to staff and reviewed and updated regularly to keep up with changes in the environment should include:
- Providing a security and acceptable use framework for the partner organisations
- Helping to protect the information systems and information assets of those organisations
- Providing a uniform level of control and guidelines for management
- Promulgating one information security message to all
- Communicating the IT security and acceptable use policies and guidelines to users
- Providing a benchmark for monitoring and measurement compliance
- Assisting with staff issues relating to the misuse of the technology or the information
- Meeting internal obligations of auditors and risk managers
When multiple entities move to forming a partnership getting consensus on what will ultimately comprise a draft or final collection of policies to meet the above criteria will require a significant investment of time. Ensuring they are well worded, easy to understand and compliant with current standards (ISO, PCI, PSN) will extend this time commitment.
Protocol Policy Systems works with organisations moving to an ICT Shared Services model to objectively develop and deliver their immediate and future policy requirements. Our Consultants, IT Policy System and methodology can take a laborious time consuming exercise and deliver a result in under 8 weeks (elapsed timeframe). All policies delivered are automatically mapped to current standards. Consolidating policies into a newly branded easy to reference environment, will provide an early win for the fledgling operation, ensure a stable foundation for future review and enable the bringing together of stakeholders during the crucial first phase of delivery.
To discuss how Protocol Policy Systems can help you get the foundations for an ICT Shared Services Project off to the start contact – firstname.lastname@example.org
To view our brief demonstration video click here