
5 tips on policies

Submitted by Kai on Mon, 2008-03-10 07:00.
The following are 5 tips on working with policies in a corporation. They are simple and to the point.

Enforce the policies

Enforce the policies through incentives. Make sure that you use the policies, or they may be useless when you try to enforce them 5 years down the line.

Follow up policies with technology

Use technology to control and enforce the policies. Never develop policies to adapt to the technology - it must be the other way around. If in doubt, hire a specialist.

Review and audit regularly

Technology, markets, regulations and people change all the time. Policies need to be audited and adapted as you go - regularly. Make sure employees are allowed to suggest changes. If errors are discovered, make sure to act swiftly to update the policy.

Corporate governance is key

Corporate Governance is not only a new buzzword. It is only a new name for an age-old best-practice.

1. Set targets / visions

2. Draw the path through strategies and tactics.

3. Compare the outcome with targets/vision.

4. Start over

The purpose is simply to put forward a set of methods to ensure quality, traceability and documentation. You can do it on a large scale or a small scale - the principles stay the same.

Remove the bad apples

Bad apples must be handled correctly. Get rid of them by using their forces and turning them into valuable gems.

Or, throw them out of the basket.

------------------------------

This is part two of the article Bad advice for good security, as it appeared on Risksopportunities 2007.

Part one is available here.

Glad you liked it!


Kai, You hit the nail on the head with the 4th tip you made -- "Corporate Governance is not only a new buzzword. It is only a new name for an age-old best-practice." Too many companies try to roll out policies without these controls in place. If you don't have the support of management or the company as a whole (and if you force people to have to burden themselves with "mundane" tasks) you can almost never get a secure environment. Security starts with the people and ends with the tech.


The blogger is Kai Roer, a European Information security professional.
