As we wrote in our last post, an enforceable IT security policy is an important part of your organization’s security strategy. Unfortunately, many companies don’t have this policy. As many as one in three companies lacks an information security policy.
It’s not enough to develop this and then put it away. Depending on the size and type of your business this should be visited at least annually with the stakeholders in the systems and processes that are part of the security policy. If this is not done it is difficult to enforce and be sure it meets the needs of the business over time.