NEWSLETTER
December 10, 2025
As we conclude the year, cyber security issues continue to keep many people awake at night. With limited resources and suitably qualified personnel available to combat and address these issues we see don’t see next year as being too different unfortunately.
AI was the hot topic of 2025 and it’s likely to continue as such during 2026. Moving beyond the hype, this technology has certainly opened immediate opportunities to make our work lives more productive and efficient on the basis the risks of using AI are considered and well managed. In the right hands, AI can certainly help to deliver some impactful and positive cyber security initiatives that address ever present cyber threats and the work of bad actors.
It has been also very entertaining to observe the number of products on the market that are now “AI driven”. We quite liked the AI mattress that combines AI algorithms, biomechanical research, and insights from over 2.3 million groups of sleep data points to give you a good night’s sleep. However, having discussed the pros and cons of owning this mattress we were rudely awoken to the possible privacy considerations.
For our last newsletter of this year we have previewed some of the themes and topics we covered in the last 12 months.
Organisations need clear data protection and IT security policies to meet legal and practical duties for protecting personal data and maintaining strong cyber security. However, these policies are often mixed up, which can undermine both compliance and effective governance. In this article, we explore the differences between the two, outline the risks of overlapping responsibilities, and highlight practical steps to keep them distinct but aligned.
A strong cyber security strategy only works when underpinned by enforceable policies and consistent governance. Without this foundation, technology and security initiatives can become fragmented and reactive. In this article, we explore how policy-first governance sets expectations, enforces accountability, and translates strategy into measurable action across the organisation.
For IT and Cybersecurity leaders, policy creation and management is not just about documentation, it’s about governance, control, and resilience. In this article, we explore the limitations of manual IT policy management and show how a systemised SaaS platform brings structure, automation, and intelligence to policy creation, review, and user engagement.
As AI and Large Language Models (LLMs) become more embedded in daily operations, organisations need stronger data and information governance to support responsible and ethical use. In this article, we breakdown the difference between data and information governance, and look at how clear policies, defined roles, and practical governance processes help manage AI-related risks.
Policy development can stall when teams lack time, the right expertise, or clear ownership. Without a structured approach, they become outdated, inconsistent, or difficult for staff to follow. In this article, we highlight how Policy Management as a Service streamlines policy creation and management, improves user engagement, and keeps policy content clear, relevant, and aligned with recognised best practice frameworks.
Developing effective and sustainable IT policies requires not only technical expertise, but also meaningful stakeholder engagement. In this article, we highlight why involving stakeholders helps to ground policies in the real-world context of the organisation and bring together a range of perspectives to identify potential risks, practical limitations, and unintended consequences.
Rapid technological change brings both opportunities and challenges for the housing sector. Emerging technologies like cloud computing, IoT, and AI require organisations to continuously adapt their IT policies. In this article, we explore how a well-structured policy framework can help manage risks, support innovation, ensure alignment with standards, and maintain operational stability.
IT policies and processes play a critical role in making sure AI is deployed securely and responsibly. As organisations integrate AI into everyday operations, strong controls are needed to protect data, reduce risks, and maintain trust. In this article, we outline the essential measures every team should put in place when deploying AI systems to help reduce the information security risks that come with adopting this technology.
Effective policies rely on a powerful, interconnected system comprised of regulations, IT standards, and IT frameworks. These foundational tools provide a structured and consistent approach to managing IT resources, risks, and compliance within an organisation. In this article, we unpack how these elements work together to guide IT policy development, ensure compliance, and support operational efficiency.
Cyber resilience is an organisation’s ability to protect critical services and prevent IT disruptions before they occur. In this article, we explore the key areas every organisation should focus on when developing a resilience strategy, including securing critical assets, minimising downtime, managing third-party risks, maintaining compliance, and involving staff in preparedness.
Thank you for staying connected with us this year. We’ve enjoyed supporting organisations address the challenges associated with improving their cyber security posture and resilience. We look forward to sharing more insights and practical guidance during the year ahead.
Wishing you a Merry Christmas and Happy New Year.
From the Protocol Policy Systems Team.
PROTOCOL POLICY SYSTEMS
Fill in the form or call us on (UK) +44 845 241 0099 or (NZ) +64 9 570 2233