Wednesday, 1 July 2015

Golden Rules for creating Information Security Policies

As we continue to work with our health and social care clients, supporting their information governance compliance demands, we are encouraging them all to read through the Gartner report on the five golden rules for creating an effective security policy.

According to this Gartner report, “Policy is an important form of communication about risk, and the impact on the reader will be maximised if the text is well-crafted in organisational appropriateness and writing style.” The report also states that: “Fortunately, the use of a few best practices for the planning and writing of policy can make a big difference in its effectiveness in reducing risk.”

Read “Five golden rules for creating effective security policy” to find out how to:

  • Create a process for developing and maintaining your policy

  • Use a structured approach to support flexibility

  • Make sure that your policy is pragmatic by testing it out

According to this Gartner report, “Badly worded policies can introduce problems such as inconsistent policy positions, the inability to ensure compliance, unacceptably high-risk profiles or unnecessarily high costs.”

Organisations should understand not only the common pitfalls of security policy development, but also how to create and maintain a policy effectively.
