As the public and central Government become more concerned over the security of information, more complex and differing standards have been introduced for Local Authorities to comply with, e.g. ISO 27002, PSN, PCI DSS and Cyber Essentials. Writing and managing coherent policies that align with these information security standards is time-consuming and requires specialist knowledge to keep up with best practice and threats. Identifying which controls from the various standards overlap – and which do not – takes up precious resources, especially time.
As Local Authorities have taken up the Protocol Policy solution tool and consultancy, a number of common themes have emerged.
As standards are updated and introduced, or more cyber threats are identified, changes are “bolted” onto policies rather than integrated, which results in policies that are too long, ineffective, cumbersome and inconsistent.
Also, the policies often contain the requirements that Users, Managers and Technical employees are all to follow, which means that a User has to read the whole policy to find the areas that are relevant to them.
The Protocol Policy System streamlines policies so that Users are presented with all of the information they require but no more, i.e. they do not need to know the requirements expected of their Technical colleagues.
We have commonly encountered policies that are out of date, not version or document controlled, not consistent with each other, and that end up taking on the role of detailing the procedures, guidelines and processes needed to implement them. While this defeats the object of what a policy is, it also means that the areas that are key to employees are not read, or that employees take in very little of the policy. Policies need to be short and to the point.
In addition, when it comes to auditing or providing assurances, many Local Authorities have issues evidencing compliance against standards to either their internal or external auditors, e.g. PSNA. Compiling and producing the evidence can be cumbersome and time-consuming. Because standards are cross-referenced to policies, the auditor can select any one of the controls in the standards they wish to audit against, and the Protocol Policy System takes them to all of the key areas in the policies. The system greatly reduces the amount of preparation time before an audit and the amount of time needed to conduct the audit.
If you would like to understand how Protocol Policy Systems are assisting Local Authorities to address the challenges associated with IT Policy development and management, then contact Sue Lal – firstname.lastname@example.org
Click here to read how we recently assisted Buckinghamshire County Council review, update and deliver a full suite of new IT Policies in under 8 weeks.