The assignment below addresses policy implementation, enforcement, and compliance for a fictional health care company. Within it we address the need for executive buy-in and support for a successful policy implementation, as well as ways to enforce the policies. Enforcement is addressed through monitoring and reporting mechanisms that ensure there are no violations and that, if there are, they are addressed and reported to leadership.
In addition, part of the reporting is to ensure that communication of policy changes flows down from management and that any problems or concerns with policies flow upward. This most often requires dedicated information security personnel to ensure that policies comply with laws, regulations, and company goals, and that there is an accountable and responsible person for managing and enforcing policies. Creating a communication plan ensures that everyone knows the person to whom problems should be reported, and that changes to any policies flow down from the appropriate and authorized person.
Finally, there must be training to ensure that employees are aware of the policies and know how to avoid violating them. This may be accomplished through new-hire training as well as annual refreshers. In addition, whenever a policy changes significantly, additional training best ensures that employees are aware of how to follow policies. Compliance aspects may change throughout the year, so policies should be reviewed regularly and updated, and training may again be the most effective way to ensure compliance by employees.