Print
Types of Policies on Offer
November 23, 2009 – 9:54 pm by Lance MichalsonOnline Legal offers 2 types of policies:
- HR polices; and
- Information security policies.
Both are a “species” of policy found within an organization. Others include Finance Policies and “IT Policies“.
At a high level, information security policies focus on managing and protecting data, whereas IT Policies generally tend to focus on the supporting processes (e.g. procurement policies) and supporting systems.
There is an overlap between HR Policies and information security policies to the extent that the “human factor” is common to both of them and both therefore cover issues involved in the employer/employee relationship.
Whilst HR Policies tend to focus on issues such as leave, safety and health, smoking, sexual harassment, HIV/AIDS, information security policies are aimed at protecting and preserving data belonging to the organization which is generated by those employees in the course and scope of their employment. More particularly, they are aimed at preserving (i) confidentiality (ensuring that information is accessible only to those authorized to have access), (ii) integrity (safeguarding the accuracy and completeness of information) and (iii) availability (ensuring that only authorized users have access to information when required).
In our experience, the HR and IT Departments are not good at “speaking to one another” the end result being that a lot of important information security related risks posed by employees through their use of technology are not dealt with and “fall through the cracks“.
Similar:
- Different Species of Company Policies
- Information Security Policies support Compliance
- Does Your Organization Need Information Security Policies?
- Infosec Policies - Role of Attorneys
- Email Usage Policy
Sorry, comments for this entry are closed at this time.