Policy Shapes Outcomes


Policies are guiding principals that are used to shape outcomes and desired end-results.

Recently completed benchmark research conducted by the IT Policy Compliance Group shows that policies – and procedures – for information security are responsible for driving outcomes related to the availability, integrity and confidentiality of information.

The benchmarks show huge gaps in some of the information security policies being used by organizations. For example, organizations with the highest levels of customer data loss and theft have very different information security policies than those with the fewest losses or thefts of customer data.

A clear majority – about 8-in-10 – of the organizations with the least loss or theft of customer data are using 10 unique policies for the information security function. A few of these “top-10” policies for information security, include:

  • Policies describing maximum acceptable risks
  • Policies describing minimum acceptable service levels
  • Regulatory mandates and legal requirements
  • Coverage of third-parties and contractors

In contrast, a slight minority – fewer than 2-in-10 – of the organizations with the highest levels of customer data loss or theft use these same policies.

In addition to information security policies, the recent benchmarks also measure procedures being employed to implement policy.

The research clearly shows that some of the most critical policies – and procedures to implement policy – governing outcomes for the information security function are either being ignored – or are not taken seriously – by almost nine-of-ten organziations.

Look for the upcoming research report for more information at www.itpolicycompliance.com.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: