What Are Some Common Tech Policies?

We also have this information in video format.

And what policies should you have for your organization?

Short answer, it depends. Some common policies that are important for all companies to have are:

  • An acceptable use policy that defines what employees are allowed to do and not to do in the organization – especially around how they use technology.

  • Bring your own device policies and/or mobile device policies that dictate how employees can use their portable devices to access company data.

  • Remote access policies. Again, policies to govern how employees are allowed to connect remotely and what they're allowed and not allowed to do.

  • Employee onboarding and offboarding policies. What standard items happen when a new employee comes into the company versus when they're not there?

  • Removable media policy. Are people allowed to use flash drives or external hard drives for company data?

  • A password policy what governs how passwords need to be handled by their employees

  • Electronic funds transfer policies for your finance department to make sure there are controls around what people know about what happens when money is being sent to and from the organization.

  • Social media policies, include information about what employees are allowed and not allowed to post on social media.

These are just some common examples of IT policies.

Ultimately, an organization should look to have policies to govern various aspects of their business and to set the tone for what happens.

So, what does it mean when we say “it depends?” Ultimately, there may be regulatory, contractual, and industry compliance obligations that may require specific policies above and beyond what we mentioned here.

Without those policies, technology can't be aligned to any given standard. You set the policy, you then build out your standards, your baselines, your guidelines and move down from there.

Contact us for more information on tech policies.

Adam Evans, CISSP

About Adam Evans, CISSP

Adam is a seasoned cybersecurity professional with more than a decade of experience in the MSP industry. He started his career as a helpdesk engineer and worked his way up through various technical roles to specialize in cybersecurity – specifically GRC, security architecture, and defensive operations. 

Adam is passionate about sharing his expertise and insights with the next generation of security professionals. He believes that by working together and sharing knowledge, we can make the world a safer and more secure place for everyone.

Connect with Adam on LinkedIn: https://www.linkedin.com/in/grcadame/

Previous
Previous

Why Should You Have Endpoint Detection and Response?

Next
Next

Are You Overpaying for IT Managed Services?