IT Policy sets limits on IT strategy so that it follows internal rules, standards, and guidelines and complies with external laws. Additionally, IT policy defines standard responses to recurring circumstances.
Business Policy is a business's recorded statements used in the decision-making process. Ideally, this policy is a clear, objective-oriented, and holistic set of rules and principles that is referred to for consistent, standard decision making.
IT Policy Framework is a recorded rulebook or set of principles behind the use of information technology in an organization.
Regulatory Compliance refers to the act of following external laws and policies, such as FISMA, SOX, and CCPA.
Corporate Compliance refers to the act of following internal policies of an organization.
Access Management / Rights Management from NCCoE
Lists the ways Access Rights Management can help improve a company's data security through the organization's policies, field guidelines, and government standards.
Contingency Planning from NIST
Recommends the creation of a contingency planning policy that reflects regulatory requirements and includes the scope and requirements of the plan, along with schedules and a clear set of roles and responsibilities.
Disaster Recovery from the SANS Institute
Covers multiple related contingency plans: a computer emergency response plan, a succession plan, a data backup and restoration plan, and an equipment replacement plan.
Verification for Access Control from NIST
Describes verification methods for access control models that an organization can use when testing the effectiveness of its security measures, and when integrating new technologies with existing ones while still following the business's policies.
Record and publish policies for all IT systems (where all workers can read them)
Allow customization for individual users, environments, tasks, etc.
Differentiate between policy, standards, and guidelines
Make it clear which policies are internal and which are external
Link policies to processes and functions
Link security to policies (and vice versa!)
Regularly monitor for lapses in policy compliance
Provide details and specifics
Update the policies based on changes in technology and environment
Distinguish between, and recognize the overlap of, the various departments, leaders, etc. that can issue conflicting guidelines