Security policy is needed to protect the data that an organisation stores. If this is not done, it could result in financial costs, legal issues and loss of reputation.
The prevention of misuse should be considered and methods to prevent this include physical security and system access controls.
It is essential that the organisation is proactive in attempting to detect misuse of their system. The use of audit trail software can be used.
When misuse has been detected, a full investigation should be carried out.
Company procedures should include: physical security, system access, human resources issues, operational procedures, staff responsibility and sanctions.
A security policy can only work if employees are aware of it and how it affects them. Employees can be made alert to security issues by: training, communication and legal obligations.
A new business could purchase and adapt a pre-written security policy.
1 of 3
Training policy
Organisations should consider the suitability of training by developing a corporate training policy which should be based on the following:
Skill requirements - the organisation has to identify the skills required for each role and level within a company.
Course structure & availability - it is possible to organise attendance for employees at external training courses.
Financial issues - a training policy will be linked to a training budget. The cost of an individual training course needs to be considered.
Cost benefit - staff training is a necessary investment for an organisation.
2 of 3
Procurement policy
Hardware - including the procurement of servers, laptops. Various methods of procurement should be considered such as leading or purchasing. Key factors include a suitable delivery date and negotiated payment terms.
Networking & communication technology - including hubs, switches. It is important to ensure that equipment is compatible and at the right price.
Staff services & contract labour - contract labour can be used for large projects or expertise in certain fields.
Software - systems software is usually bought off-the-shelf due to the standard nature of the product. Generic application software such as office software is also bought off-the-shelf.
Office supplies & consumables - it is likely that the organisation will have an account with the supplier that can promise next day delivery.
ICT procurement consultants - many large projects that operate on a long time scale will have to make sure budgets are complied with. Organisations may employ specialist consultants to maximise their purchasing efficiency.
Disposal of equipment - many new companies have started up that can dispose equipment in line with current legislation.
Comments
No comments have yet been made