Causing a stir

Generative artificial intelligence (AI) systems are increasingly being used at work and home, with a view to increasing productivity, being more creative and making better data driven decisions. Managing the risks of using generative AI is a hot topic and should be front of mind for organisations, some steps worth taking are:

• Establish clear IT policy guidance regarding the organisation’s use of generative AI. As it is a rapidly developing technology, ensure you regularly review and update the policy guidance.
• Understand how different teams in your organisation intend to use AI, as these use cases will also help to shape the policy guidance that you provide to your users.
• Build and maintain a list of the generative AI tools that your organisation is allowed to use. Review the terms of usage for those generative AI tools to clearly understand aspects such as licensing, restrictions and intellectual property.

For organisations that are planning to use generative AI we have drafted a guideline document that covers some considerations on the use of this technology. Contact us to obtain a copy.

For our IT Policy Management as a Service customers, the guideline along with additional policy and best practice statement detail was published in the first week of July, and can be viewed from the Client Menu (customer site admin access) in either the Essentials or Premium versions of the IT policy management software.

The importance of IT Policies

The business catalyst for implementing information security policies and procedures should not be an IT related issue or disaster, but a considered and well thought out approach based on business impact analysis, risk assessment and risk mitigation strategies, and driven from the top of the organisation.

Risks Considerations

The risks of not defining acceptable use and management standards for information and information systems include:

• Damage to reputation.
• Financial repercussions due to remediation requirements.
• Loss of business.
• Misuse of data – yours or customers.
• Loss of data – yours or customers.
• System unavailability.
• Legal or regulatory issues.

What are the Business Benefits?

As noted above, defining and implementing IT security policies helps an organisation to identify and manage business risks.

The business benefits of having well defined IT policies and procedures that are communicated to staff and reviewed and updated regularly to keep up with changes in the environment include:

• Providing a security and acceptable use framework for the organisation.
• Helping to protect the information systems and information assets of the organisation.
• Providing a uniform level of control and guidelines for management.
• Delivering one consistent information security message to all.
• Communicating the IT security and acceptable use policies and guidelines to users.
• Providing a benchmark for monitoring and measuring compliance.
• Assisting with staff issues relating to the misuse of technology or information.
• Meeting internal obligations of auditors and risk managers.

Click here to view the video – The challenges of developing, delivering and maintaining IT Policies

Protocol Policy Systems work with organisations to deliver and maintain comprehensive, easy to understand IT Security Policies. All policies are mapped and cross referenced to relevant international or local standards such ISO, PCI, CE+.

IT Policy Management as a Service is subscription based, and therefore gives your organisation the right level of up-to-date customised policy content at a fixed and predictable amount per annum.