
ISO 27001 Controls: The Importance of Policies


When you started working in your current role, you were probably asked to read a long list of policies. I know I was.

 

Let’s face it: reading policies isn’t an especially enjoyable activity. It can take hours, and a lot of what you read might seem like common sense.

 

But think about this: While you’re reading the policies, you’re on the clock. Your employer is paying you to read them, and paying any other costs associated with having you around.

 

Your employer is spending a significant amount of money so that you can read your policies. Clearly, they wouldn’t make you do this if they didn’t think it was necessary.

The existence of many of the policies you read is required by ISO 27001 Annex A.5.

What is a policy?

This might seem obvious, but I think it’d be good to remind ourselves what a policy is.

 

A policy is a documented set of rules which your employer has in place, and which you have agreed to follow.

 

Policies govern how you work. They define which actions are expected of you, and which practices aren’t acceptable.

Why do I need to read them?

As I mentioned earlier, a lot of the policies you read might seem like common sense to you; things you’d do anyway – so why do you need to read them?

 

Well, can you think of any policies that weren’t so obvious to you? If so, these were policies you needed to read.

 

If the reason for a particular policy seems unclear, you may be able to ask why it’s necessary – but even if your boss won’t explain it to you, ultimately, they’re paying you, and you have to do what they say.

 

Even if all your policies seem like common sense to you, unfortunately, you can’t know that until you’ve read through them all.

Conclusion

As we’ve discussed, your employer needs policies to establish a set of rules that its employees must follow. You need to read them to know what they are, so you can comply with them.

 

Reading policies probably isn’t your cup of tea – it certainly isn’t mine. Indeed, it was probably a bit of a chore for whoever wrote them. But it’s a necessary part of working, to varying degrees, in all businesses and organisations.
