May 29
Policies and why they are crucial
Author: Phara McLachlan
Filed Under ITAM (Asset Management), Software License Compliance
Policies are often ineffective, poorly understood and poorly managed, and represent more of a token gesture than a comprehensive and sustainable approach to risk management. Why are they so important? Policies not only serve as legal documents that protect the enterprise from liability, but they have also been used in court against the company when they were written but not communicated or enforced equally. If that isn’t a wake-up call! There is often limited process in place to validate the effectiveness of business policies, along with a general lack of communication and little policy enforcement, all of which leads to failures - one example is a company simply posting its policy on an intranet and hoping that employees both read and understand it.
For a policy to be effective, you need to be sure that employees understand it and, more importantly, are clear on the consequences of non-compliance. We also suggest that you have all of your employees sign an agreement stating that they will abide by your policies. Here are a few tips for effective policy management:
- Change your policies with your business - companies are constantly changing, so don’t forget to update your policies to reflect that change
- Follow through - with consequences in place, don’t let them slide. One employee getting away with non-compliance will diminish your policies’ credibility.
- Make sure your policy is clearly defined, understandable, and addresses what and why
May 28
SAM for security
Author: Phara McLachlan
Filed Under Information Security
Non-compliance with regulators and software vendors invites a host of problems - fees, lawsuits and bad publicity, in addition to security issues. Technology is the basis of the business world, and with every new program, internet browser and social network come new security risks. The inability to control IT environments is a major problem for organizations that do not plan and implement security policies effectively. The healthcare industry, for example, is at greater risk because it houses data that needs to be protected from prying eyes. This is why most healthcare companies have strict firewalls for employees, often not even allowing internet access to sites outside those needed to run the business. This is just another reason why IT Governance is a necessity for all businesses, in any industry, to protect themselves. Whether it is a hacker or a virus accidentally downloaded by an employee, these incidents can cost hundreds of thousands of dollars and be detrimental to your business.
Along with a strict set of policies and procedures, we recommend giving employees access only to what they absolutely must have for their job role. When access is granted above and beyond the call of duty, that is where trouble starts. Not only does it cut down on productivity, it also opens up the organization to outside threats such as worms, Trojans, malware and spyware. Internal controls are the key to monitoring usage by employees and protecting the business from unnecessary expenses due to security threats.
May 27
Software is going to solve all of my problems…NOT!
Author: Phara McLachlan
Filed Under ITAM (Asset Management)
We often run across clients who are sold by big-brand technology companies on a software solution that is going to “do it all” for them and solve every problem they have. The reality check is that there is not a single piece of software out there that can do that without due diligence being put behind it. Downloading a piece of software shouldn’t even be your first step; it should come somewhere in the middle of the process. Before you even begin to look at software solutions, here are some key steps to take:
- Build a plan around business needs - past, present and future - to unveil your organization’s pain points
- Once your pain points have been determined, a clear-cut plan must be established as to how these can be addressed
- Look for a software solution that will address your needs
- Modify that software to fit your needs (this almost always needs to be done for it to be successful, but it is much easier than building a program from the ground up)
- Implement the software with the support of your entire organization and also with established policies around that implementation
- Enforce said policies and procedures throughout the organization to ensure that your employees are both aware of what is happening and that they are not violating any policies
Nothing is cut and dried - if you are going to invest in technology, make the investment worth your while - don’t just implement it and forget about it.

