X Close

Risky Business

Home

Tips and tricks for securing information

Menu

Executive consensus, approval

By utnvrrv, on 11 May 2017

Approved_StampLanguage matters

Write policy statements in a way that can colleagues can read easily and interpret them correctly. Ambiguity is also a key point that one should watch out for. It is all too easy to get caught up in legalese, jargon and verbosity. This makes the policy incomphrehensible and boring to read. Everyone loves a policy that is simple to read, understand and put into practice. Separate out policy statements, guidelines and other content. Distil what should be a policy statement. Try and arrange the statements in a logical sequence of what you expect should happen. You could ask a colleague to critically review it. Once you are happy with the text you can send it out and seek feedback. If your organisation has a standard template, adopt it or design a cover page, use the organisation’s branding in the header, and include relevant text in the footer.

This is based on the information that business uses and the perceived risks to the information. Consider information risk as a driving factor towards a good information security policy. A good policy should not create unnecessary hurdles. A complicated policy may mean that business processes slow down. Colleagues find ways and means of circumventing the controls. Consider how real world threats impact the business, and how the policy statement would safeguard the organisation. Use an exception section only if necessary. A good policy should be between 1 to 2 pages long.

Endorsement and Approval

Consult with senior colleagues, accept feedback and finalise a draft version of the final policy. The document should then be sent to key decision makers within the organisation for a final endorsement. Keep a record of the distribution list and feedback received. Incorporate changes as necessary, or suggest suitable modifications. Once all mid-management approvals are in place (don’t forget the minutes), formally send the policy document for final approval from the Board. If you’ve have the endorsements in place, the final approval should be easy.

Congratulations!!