
When you started working in your current role, you were probably asked to read a long list of policies. I know I was.
Let’s face it: reading policies isn’t an especially enjoyable activity. It can take hours, and a lot of what you read might seem like common sense.
But think about this: While you’re reading the policies, you’re on the clock. Your employer is paying you to read them, and paying any other costs associated with having you around.
Your employer is spending a significant amount of money so that you can read your policies. Clearly, they wouldn’t make you do this if they didn’t think it was necessary.
The presence of many of the policies you read is required by ISO 27001 Annex A.5.
This might seem obvious, but I think it’d be good to remind ourselves what a policy is.
A policy is a documented set of rules which your employer has in place, and which you have agreed to follow.
Policies govern how you work. They define what actions are expected of you, and what practices aren’t acceptable, as you work.
As I mentioned earlier, a lot of the policies you read might seem like common sense to you; things you’d do anyway – so why do you need to read them?
Well, can you think of any policies that weren’t so obvious to you? If so, these were policies you needed to read.
If the reason for a particular policy seems unclear, you may be able to ask why it’s necessary – but even if your boss won’t explain it to you, ultimately, they’re paying you, and you have to do what they say.
Even if all your policies seem like common sense to you, unfortunately, you can’t know that until you’ve read through them all.
As we’ve discussed, your employer needs policies to establish a set of rules that its employees must follow. You need to read them to know what they are, so you can comply with them.
Reading policies probably isn’t your cup of tea – it certainly isn’t mine. Indeed, it was probably a bit of a chore for whoever wrote them. But it’s a necessary part of working, to varying degrees, in all businesses and organisations.
© Copyright Inverifi 2023. All rights reserved. Registered in England, No: 06959535, +44 20 4574 9908