For a majority of small organisations, security policies will make a big difference when something goes wrong. Security policies not only set the intentions for strategic thinking but also set out all expected behaviour, how to handle certain incidents, etc. In some respects they may end up being as much for all the other stakeholder groups of the organisation, including employees, directors, customers, regulators, investors, etc. So it is important not only to have them, but also to ensure that they give good coverage for your Organisation.
This is edited content from Sarb Sembhi and co-host Nick Ioannou. Also in video and podcast media.
Table of Contents
- Introduction to security policies for Small Organisations
- Why have security policies in a Small Organisation?
- Security policy suggestions
- Security policies provide staff guidance
- Management and human resources clarification
- Security policies help Revenue Growth and can assure larger customers
- Having pre-prepared security policies saves time
- Government purchasers also want to see security policies
- Security policies may help discussions with regulators after a breach
- Security policies must be reviewed
- What other documents should Small Organisations have?
- Conclusion of Policies for Small Organisations
Introduction to security policies for Small Organisations
Today we are looking at why Small Organisations should have security policies. We often get asked, "Do we need to have security policies as a Small Organisation?" Or, "What's the point of them?" Or, "We're not a big enough organisation." Or, "What difference would it make to anyone if we had policies?"
Why have security policies in a Small Organisation?
There are many benefits to Small Organisations of having security policies, including:
- Providing guidance for employees
- Clarifying issues for human resources
- Attracting large enterprise customers
- Saving time when policies are requested by customers, funders, partners, etc.
- Helping to clarify the importance of security to regulators if the organisation is investigated.
But before going into the benefits, let’s take a quick look at some of the policies we are suggesting and why they are useful.
"Having policies for employees ... provides guidance on how the organisation views security."
Security policy suggestions
We will explore security policies in more detail another time, but the most important security policies all Small Organisations should have include an Email Policy, an Internet Use Policy and a Data Protection Policy. This is because staff data is a big part of the information that Organisations hold, and it is highly detailed personal information, including medical information, tax, addresses, contact numbers and next of kin; basically, it's all there.
On top of those three, there needs to be an overall Security Policy, which covers all the things that are necessary from any user perspective, like passwords, social media, email, what they can and cannot do, etc. Then finally, depending on the sector the Organisation is in, there may be a need for policies around employee responsibilities related to data protection, or even ones that relate to some of the standards that will be used to ensure security, for example encryption.
Actions and Activities
Later, in your Organisation:
- Complete Board level Policy Review
- Update Policy
- Present to the Board for Agreement