IT Policies & Procedures Week 7
What’s the difference between these concepts? Which are controls?
• A policy
• A procedure
• A standard
• A guideline
What are some of the items that should be included in any policy?
• Company logo
• “Policies and Procedures” title
• Policy name
• Objective
• Applies to
• Key guidelines
• Samples
• Questions?
• Last revision date
Your Questions
• Assuming you need policies, how would you go about deciding how many and which ones?
• What’s the right mix of policies, procedures, standards and guidelines?
• Assuming you now have a set of policies, how do you know if they are any good? Working?
• As an auditor looking at an IT organization’s policies, what would you look for?
Temple’s Social Security Policy
Look up Temple’s social security number policy and answer these questions with your team:
• Is a policy needed?
• What risk is it addressing?
• Who does it affect?
• Is it used?
• Is it practical?
• Is it unambiguous? Understandable?
• How would you measure compliance?
• How would you communicate this policy?
• How would you detect a violation?
• What actions would you take?