Develop an Organization-Wide Policy Framework - Implementation Plan
Author: Joshua • December 21, 2017
...
- How do you overcome employee apathy towards policy compliance?
Human resources, management, and other employees all have to buy into the organization's policy framework. For organizations that are subject to compliance laws requiring documented security policies, these policies must be created and properly implemented. This process must start with security awareness training and with educating employees about the potential liabilities that may arise from not conforming to security policies. It all starts with defining an acceptable use policy for organization-owned IT assets such as workstations, laptops, Internet, e-mail, and web browsing.
- What solution makes sense for the merging of policy frameworks from both a flat and a hierarchical organizational structure?
Implement a hybrid flat-hierarchical policy framework that defines mandatory policies as dictated by law or other mandate, along with other organization-specific policies that foster communication and business process-sharing. Allowing free and open communication within an organization that still has structure is the key to defining a hybrid policy framework.
- What type of disciplinary action should organizations take for information systems security violations?
Disciplinary actions for non-compliance may be as simple as employee reprimands, employee performance reviews, performance demerits, or compensation adjustments. For repeat offenders, this may lead to termination of employment. If privacy data or confidential data are lost or stolen, criminal charges may be brought, not to mention termination of employment.
- What is the most important element to have in policy implementation?
Executive management support from the CEO and president of the organization.
- What is the most important element to have in policy enforcement?
Human resources must be involved in the disciplinary actions taken when employees violate information systems security policies. The policy must be defined in the employee handbook and the organization's code of conduct as part of the employee's acceptance of employment. The separation of duties between employer and employee is a critical part of overall policy enforcement.
...