Implementing new or updated policies in a company can be hectic and troublesome because the outcomes cannot be predicted easily. A failed implementation plan, a lack of involvement from responsible stakeholders, and employees' lack of understanding might be some of the causes of failure. This week I am going to talk about the ways we can better implement security policies in the organization:
Better Communication:
Communicating the new policies to employees is very important for the company. This can be done using different techniques:
• Email communication (use features like “read” response back)
• Town hall meeting for all current employees
• New hire orientation for all the new employees
• Awareness campaign and training sessions
• Involve executive directors for departmental visits and group conversation
Involvement of Key stakeholders:
Involving human resources and executive management can lead to smooth implementation of the security plans, as these stakeholders have authority. HR and managers play an important role in implementing the new policies. They can be involved in the policy framework implementation plan during every phase: review and approval, publishing, awareness, and training. Their input makes the new policies more insightful and detailed, as the new policies have to comply with some HR policies. Executives can play the role of gatekeeper, as it is sometimes easier to implement new policies when executives are involved. Executives and managers can enforce the policies in their respective departments by sending circulars and emails directly, which is more effective, and if employees do not follow the policies, managers can take action.
Incorporate Security Awareness and Fun Training:
Security awareness training does not become more fun by lecturing employees and pressing them hard to comply. Rather, it should be made more fun with real-time demonstrations, and all participants should be drawn in by breaking the training sessions into smaller segments and smaller groups and by using audio-video communication and games. Providing refreshments (food/drinks) helps attract more participants. Games make the training more interesting, and adding prizes will certainly bring more participants; it is also efficient from a compliance perspective.
Release a Monthly Organization Wide Newsletter for All:
A monthly newsletter will be beneficial for reaching out to employees. To keep the newsletter succinct, only important messages will be included, based on executive approval. Make the newsletter interesting by using photographs and background colors, include some security quizzes, and reward employees who answer correctly (movie ticket) through a lucky draw.
Implement Security Reminders on System Login Screens for All:
This can be implemented using group policy settings. Group the employees by department and send the reminders at first login, create screen savers, and display the policies on active screens.
Incorporate On-Going Security Policy Maintenance for All:
When policies are updated or new changes are made, they have to be reviewed and, based on the feedback, upgraded and changed as needed. Employee surveys, HR and executive decisions, and user interviews are some techniques that can be used for review and feedback from employees. Logs and software can be used to track compliance with the policies, and progress can be measured every quarter by creating some metrics.
Obtain Employee Questions or Feedback for Policy Board:
For better auditing, third-party vendors could be employed to conduct anonymous surveys.