April 13, 2023
The maintenance and upkeep of IT policies is typically driven by changes in business requirements, the adoption of new technology, changes in best practice standards, or increasingly a cybersecurity incident.
In some of these examples policy maintenance and upkeep work may not be too significant however, when it comes to changes in a standard the work to review and edit policy wording to ensure it is aligned with the updated guidance can be significant.
A good example of this is the new version of ISO27002:2022, the information security management standard that provides a framework for implementing and maintaining effective information security controls. The new version provides a more relevant and adaptable framework for effective information security management.
Some of the main changes in ISO27002:2022 over the previous 2013 version are:
For many organisations being able to allocate resources to review the new version of ISO27002, or any other applicable security standard, is difficult when staying across business as usual requirements consumes most hours of the working day.
“Without the necessary resource and commitment to keeping policies updated they can quickly become out of date and irrelevant. With the ever-advancing security frameworks, utilising IT Policy Management as a Service will ensure our policies will keep pace as we seek accreditation.” - Buckingham Shire Council (Click here to read the case study)
A key benefit of IT Policy Management as a Service is the fact that it is designed to the make the policy review and update process easy when it comes to understanding and communicating the impact of changes introduced by a new standard version such as ISO27002:2022.
The online upgrade function in the IT policy management software allows customers to go straight to the specific policy material that they need to review as a result of a change in a standard. Also new and revised policy statement wording options are provided by our Policy Editors. As a result, IT Policy Management as a Service customers invest significantly less time working through their policies to ensure they are still aligned with the new standards guidance.
“I assessed our requirements in the area of IT Policies and it was very evident that we had a lot of work to do if we were to draft content that was easy to read and understand, whilst being aligned with best practice. My estimate was that it would take 12-18 months to do this exercise in house and that was time we didn’t have, particularly as we were immersed in deploying new technology. I began researching options and identified Protocol Policy Systems (PPS) as a specialist provider in this area.“ - Tower Hamlets Community Housing (Click here to read the case study)
If you would like to discuss how IT Policy Management as a Service can help your organisation build and maintain the foundations for a secure computing environment please contact us.