Institutional IT Policy, an Essential for Enterprise Information management
An Information Technology (IT) policy defines the rules, guidelines, baselines, principles, best practices and procedures for secure and responsible use of ICT facilities in an oragnisation. Institutional Information Technology (IT) polices provide for use of IT facilities in connection with; execution of duties as stipulated in the job description, learning, research, and approved business activities of a particular institution. IT resources like hardware and software must be treated with care and used only in accordance with the proper operating instructions as stipulated in the IT policy.
Enterprise information management refers to the people, processes and technology dedicated to gathering, managing, disseminating, leveraging and disposing of all information assets used by an institution. It refers to treating information as a corporate asset to be valued and managed as an investment. Information management encompasses all forms of structured and unstructured information; databases, records, email, documents, Web content, etc. that arises for use from inside or outside the four walls of the organization. Because of the vast amounts and different types of content used by information workers, and the difficulties of discovering, using and merging information, information management is essential to managing operations, growth, productivity, efficiency and cost. Today, organisations have transformed to using Information Technology as a means of managing Enterprise information.
However, if IT is not well managed, will expose enterprise information to; manipulation, theft, alteration and loss, hence the need to have an Institutional ICT policy.
The ICT policy calls for Users of ICT facilities in an institution; to take all necessary steps to protect and maintain the security of any equipment, software, data and/or information, storage area and/or passwords allocated for their use; not to use any IT facility for a purpose other than that for which they are authorized; to seek advice if they have any doubt about their authority to use any of the IT facilities; to comply with all their legal obligations affecting their use of IT facilities, including; Copyright, Defamation, Computer Misuse, Data Protection, Official Secrets, Obscene Publications.
The IT Policy ensures that all individuals using the IT resources understand their responsibility with respect to protecting the Information technology equipment and data. It also helps the users to operate efficiently yet effectively.
An IT policy should include but not limited to the following; Data Policy, Access Policy, Information processing policy, Document processing policy, Disaster Recovery Plan, Software and Hardware Policy, Cyber Crime, Compliance, Password Policy, Training of Staff and Discipline for violations
Implementation
You cannot implement what senior management won’t support. Sure, you will need the employees to buy into the process, but the biggest element of success depends on making sure that security flows from the top. With senior management leading the way, you can further ensure success by setting up a data-classification scheme so that employees realize the importance of the data they work with. You will also want to consider employee training to enable the employees learn good practices. As a final step to building the policy, have some controls that will enable monitoring of compliance to the policy.
Overall, the Policy defines management’s interventions for governing operations and activities in accordance with best industry practices.
No comments:
Post a Comment