When we talk to clients as part of an IT audit we often find that policies are a concern, either the policies are out of date or just not in place at all. This often stems from the fact that no-one has been assigned to a permanent security role. It’s left for IT to do when they have time. Of course IT never has time for security and compliance because they are rolling out new and fixing last week’s technology.
In the following series we will cover 10 critical IT policies at a high level for the purpose of understanding their purpose as a foundation for data governance. The following are not complete policies, but summaries that can serve as a general framework for training purposes.
