
15) Are your organisation's information security policies accessible to all employees?

August 30, 2022
Security Governance
Policies
Accessibility

Answer yes if all of your employees have continuous access to your organisation's up-to-date policies (for example, through an intranet, cloud service, or networked drive).

What is it?

Policies are essential to the security of the organisation, but employees cannot abide by them if they are unaware of them. Some may also defend violating a policy by claiming they were unaware of it.

Policies must therefore be readily available to employees, and employees must be informed as to where to find them, in order to ensure awareness and accountability.

Why should I have it?

Mandating that relevant information security policies are available to employees and other parties as needed ensures that they are informed and reduces the possibility that individuals can plead ignorance to policy violations. It also makes disciplinary actions more enforceable.

Naturally, clients will want to know not just that their suppliers have policies, but that those policies are well known and applied by all their staff as well.

Relevant policies being available to all should, after all, be a matter of policy!

How to implement the control

Such a policy can usually be applied by creating a policy section on your website or intranet, including the documentation during onboarding, and notifying (and sometimes reminding) users of specific policy items and where to find the full set of policies.

Note that some policies may be too sensitive to be available publicly or even for all staff. Such policies should be placed in a different location with the relevant access controls in place.

There are numerous consultancies or individual consultants that will be able to assist in crafting a policy that meets your business and technical requirements.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
