Home : Networking : News

ICT security policies must be understood

While most firms have ICT security policies in place, many don't bother to ensure such documents are understood by employees, according to a survey by NETconsent and the Federation Against Software Theft (FAST).

By Nicole Kobie, 27 Jul 2007 at 12:12

gallery

UK firms have ICT security policies in place, but they don't ensure employees actually understand them, according to a survey by NETconsent and the Federation Against Software Theft (FAST).

Nearly all of FAST's members have security policies, with 60 per cent updated annually. But more than three quarters of the survey's respondents said they don't do anything to ensure that employees are completely clear about what these ICT policies mean to them.

"Policies are an important communication tool not only to educate users and remind them of their rights, responsibilities and the consequences of their actions, but also to protect them," said John Lovelock, director general of FAST.

But 44 per cent of those surveyed said they lacked confidence in their co-workers' understanding of those policies and 40 per cent have had to start disciplinary action against a member of staff for breaking policy.

"It is surprising that such a high proportion of respondents have concerns surrounding their colleagues' understanding of policies yet still don't have a process to educate and test policy recognition," Dominic Saunders, NETconsent's operations director, said in a statement. "Effective policy management is fundamental to managing risk and improving compliance."