Policies and procedures are two of the words that most employees dread hearing, especially when it comes to IT Security. But we need IT Security policies and procedures for several reasons. One specific reason is that these policies and procedures are necessary and often required for organizations to have in place in order to comply with various state, federal, and industry regulations (e.g., HIPAA compliance).
Generally speaking, one of the primary purposes of our security policies is to provide protection for the Agency and our employees. The policies protect our critical and confidential information, as well as our intellectual property, while clearly outlining employee responsibilities with regard to what information needs to be safeguarded and why. Moreover, policies and procedures provide a roadmap for day-to-day operations and they give guidance for decision making.
Finally, if an organization’s policies and procedures are complete and comprehensive, security awareness simply becomes a matter of making sure that everyone is aware of the policies, the consequences and the business risks of not following the policy or procedure.
You can view Catholic Charities' policies regarding IT and data security by clicking the links below: