tag:blogger.com,1999:blog-4631200414899554974.post938172237286654731..comments2024-03-13T07:15:41.680+00:00Comments on From a Distance...: Lost laptops and discsAnonymoushttp://www.blogger.com/profile/03087922860279622347noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-4631200414899554974.post-4602835863591374852009-09-23T19:51:26.726+01:002009-09-23T19:51:26.726+01:00The UCISA workshop I went to about Information Sec...The UCISA workshop I went to about Information Security Policies gave some very useful advice on actually getting folks to adhere to policies.<br /><br />The key message from that for me was to try and keep your IS policy brief (two pages) and have policies that apply and can be understood by identified groups of users. So the IS policy applies to everyone and tells them what else they should be aware of, e.g. Information Handling for Finance and HR staff, Sys admin charter for CiCS staff, both for SAP BASIS staff and so on.<br /><br />Privacy impact assessments for projects sound like a good idea but perhaps not a popular one! However any research involving personal data has to demonstrate it conforms to standards etc... why shouldn't projects? Of course, when I want a new IT service implemented I'll not be happy about any extra consultation and form filling.Chris Willisnoreply@blogger.com