General discussion


IT Policy

By hswart ·
I have the lovely responsibility to create an IT policy for the company I work for. To give you some background: 55 workstations 1 server

I basically need to write an IT policy that consist out of the following.
Workstations - Hardware / Software / Data
Email - Virus / Spam
Internet - Usage / Security
I have read some articals on how to write policies and have a good idea of what to do, but I would like to hear from guys that has done this before.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by angry_white_male In reply to IT Policy

Make sure you get management's blessing of the policy you write - otherwise it will be worth less than the paper it was written on.

Collapse -


by jbaker In reply to IT Policy

If you go to [] , there are copies of any type of poliy that you could ever need. If you read over the tutorials, they will pretty much walk you through the things that you need to know.

Collapse -


by hswart In reply to SANS

Hey, thanks man. This site is pretty useful. Today I am going to spend some time with our HR manager to get the ball rolling.

Collapse -

Excellent Resource

by damon In reply to SANS

Hey Guys,

This is a great site - i am in the process of reviewing our own policies.
Many Thanks

Collapse -

Key Word Searches

by BR-549 In reply to IT Policy

The reources listed are great, but, they are often designed for large organizations. I have found many by doing key word searches on the internet. Just know what areas to cover may be half the battle. The following link will show you a control framework for scaled down to the critical elements. While not a policy you can see what should be covered.

Collapse -

Developing policy

by j.lupo In reply to IT Policy

Techrepublic is a good place to start in the downloads area to get you started. There are some templates you could use to get you started on what to think about and consider.

I would also suggest something I have found very useful. Observe the current processes for each area that is needed for your organization to run smoothly. Keep in mind that your IT area is a part of the larger picture. So any policies and procedures you set should keep you aligned with the overall strategy and needs of the company.

Also, as you observe how things are currently working, ask questions about why something is done a certain way and how others might do it differently. Build "buy-in" with the community about the policy so that when it is done, they feel like they were a part of creating it and therefore should follow it.

The point is that before you can write anything, you need to gather as much knowledge as possible about the current state of things.

Collapse -

Your employer's mission

by Info-Safety, LLC In reply to IT Policy

Good IT policy is informed by the company mission. For example, if you are in the life support business, 99.9999% uptime is a reasonable expectation.

Collapse -

Suggested course of action

by razianwar27 In reply to IT Policy

I'd suggest you to observe & prepare notes on all the IT resources and processes in your organization. Develop a clear idea about these aspects and then move on to the documentation process. you need to observe the practices implemented in your organziation and then search for the relevant policies on the internet.

Related Discussions

Related Forums