IT Policies, Standards, Procedures
LightSprocket works with companies to create, review, update and provide additional guidance for company IT policies and their associated procedures.
IT Policies are a critical part of your organization. They provide the rules for working with technology, set the security requirements and drive how employees interact with systems successfully. Standards are the meat of the policy; for instance, passwords shall be 12 characters consisting of at least 3 of the four: capitalization, lowercase, special characters and numbers. Procedures are the steps staff take; for instance, the IT Password policy will have a linked procedure document giving employees the how-to steps for changing a password.
We have seen larger organizations maintain a Policy document, a Standards document for that policy, and Procedure documents. We tend to lean toward Policy documents that include the Standards in the policy itself, which makes the documents easier for staff to read. We do understand that this may make it slightly more complex to get a Policy document approved by the Board, and may mean slightly more frequent revisits with the Board if changes are needed. We always recommend that Procedure documents be maintained and updated frequently by the IT team, since Procedures should only require IT leadership sign-off when changed, versus Board-level approval for Policy changes.
When we start Policies from scratch, we style the policy template to your look, working with your branding team to ensure it fits. The language we use can be rigid at times because it needs to be, but we want it to reflect your culture. We tend to lean on the NIST framework if your organization has no overarching compliance requirements, as this framework is widely adopted and openly available.
We have helped mature organizations that created Policy within their employee handbook as they grew but now needed to formalize it due to new or evolving business requirements, additional audit scrutiny, and legal challenges where incomplete employee handbook statements hadn't provided the protections the organization required.
Even simple new policy generation, such as Bring Your Own Device (BYOD), can cause a ripple effect. BYOD tends to impact the IT Use policy and prompt a review of the employee manual. We'll work through this with your team as we go.