When you started working in your current role, you were probably asked to read a long list of policies. I know I was.
Let’s face it: reading policies isn’t an especially enjoyable activity. It can take hours, and a lot of what you read might seem like common sense.
But think about this: While you’re reading the policies, you’re on the clock. Your employer is paying you to read them, and paying any other costs associated with having you around.
Your employer is spending a significant amount of money, so you can read your policies. Clearly, they wouldn’t make you do this if they didn’t think it was necessary.
The presence of a lot of the policies you read, is required by ISO 27001 annex A.5.
This might seem obvious, but I think it’d be good to remind ourselves what a policy is.
A policy is a documented set of rules which your employer has in place, and which you have agreed to follow.
Policies govern how you work. They define what actions are expected of you, and what practices aren’t acceptable, as you work.
As I mentioned earlier, a lot of the policies you read might seem like common sense to you; things you’d do anyway – so why do you need to read them?
Well, can you think of any policies that weren’t so obvious to you? If so, these were policies you needed to read.
If the reason for a particular policy seems unclear, you may be able to ask why it’s necessary – but even if your boss won’t explain it to you, ultimately, they’re paying you, and you have to do what they say.
Even if all your policies seem like common sense to you, unfortunately, you can’t know that until you’ve read through them all.
As we’ve discussed, your employer needs policies to establish a set of rules that its employees must follow. You need to read them to know what they are, so you can comply with them.
Reading policies probably isn’t your cup of tea – it certainly isn’t mine. Indeed, it was probably a bit of a chore for whoever wrote them. But it’s a necessary part of working, to varying degrees, in all businesses and organisations.
Streamlining compliance – introducing Inverifi’s new compliance standard templates Introducing Inverifi’s Annex control functionality We’re happy to announce that compliance standards are now live in
ISO 27001 Controls: Developing Secure Apps The importance of privacy and security When you’re developing an application, it is important to consider how it handles
Introducing Diagrams A new way to visualise and connect your organisation’s process flows We are thrilled to announce the release of Diagrams, a brand new
©Copyright Inverifi 2023, All rights reserved. Registered in England, No: 06959535, , +44 20 4574 9908
