POLICIES AND PROCEDURES
The main objective of implementing policies and procedures is to help organizations stay consistent and hold employees accountable. Having standard policies and procedures in place for your organization can provide many benefits. While the main objective might be to help organizations stay consistent and hold employees accountable, it can also help businesses to minimize their legal and information security-related risk. Information Security policies are one of many ways a business can protect itself from cybersecurity threats.
Bedrock Technology can review your current policies and procedures and make recommendations based on the standards published by the National Institute of Standard and Technology (NIST). We recommend annual Risk Assessments to make sure that your organization is as protected as possible from cybersecurity threats.
Information Security Specific Policies:
-
Internet Usage Policy: Many employers use web filtering to block employees from accessing certain sites, for example, social media.
-
Workstation Use and Security: When should an employee lock their computer? If employees have portable workstations, such as laptops, notebooks can their household members access their work computer?
-
Password Policy: This should outline password requirements, such as including upper and lowercase letters, numbers, no personal information, etc. This policy should also state how often employees must change their passwords.
-
Risk Management Procedure: How will a risk analysis be performed? How often? How will safeguards be implemented?
Some examples of policies and procedures all organizations should have in place include:
-
Equal Opportunity
-
Drug and Alcohol
-
Workplace Safety
-
Attendance and Time Off