I need two responses of at least 150 words each for the student discussions below for this week. Also, in bold below are the questions the students are answering.
1. Why is it necessary to have principles for policies?
2. What is governance and compliance? Why is it necessary to enforce governance and compliance in an organization?
1. Policies are laid down rules that help to guide the operations of an organization. Through the help of clear policies, it is possible for organizations to achieve the desired protocol, thus enabling operations to take place as predetermined. Therefore, there is no doubt that with proper principles for policies, it will be possible to handle risks, uncertainties, and related ethical issues that may put the organization, employees, and other stakeholders in a position of conflict (Siponen, Mahmood, & Pahnila, 2014). Organizations have different priorities and if not careful, the managers may spend countless hours creating rules for employees to guide their daily operations. With clear policies, employees and other stakeholders are aware of what is expected of them and this gives the management free time to focus on other priorities. Working in such an environment guarantees employee safety, thus minimizing the incidents of accidents leading to injuries and loss of lives. Principles for policies serve as important forms of internal and external control. In this context, an organization will benefit positively from policies that are formulated to enhance its internal and external security for premises, data and information, and patent rights among others (Bulgurcu, Cavusoglu, & Benbasat, 2010). This will minimize the cases of loss through theft or reach by unauthorized personnel. Policies are control mechanisms, and therefore, they will definitely minimize unacceptable behaviors among the employees and other stakeholders in the organization. Through policies, it is also possible for an organization to minimize its costs. Here, an organization will need a policy that emphasizes the possible means of cutting down cost. For instance, it may be logical to install surveillance cameras at some points instead of having security guards all over the organization premises.
2. Governance and compliance entails the capability to achieve goals, handle uncertainty, and act with integrity. Various departments in an organization including finance, human resource, information technology, and internal audit among others should be guided by the principles of governance and compliance. This enables an organization to maintain acceptable levels of accountability (Bulgurcu, Cavusoglu, & Benbasat, 2010). Therefore, it is evident that governance and compliance does not burden one's business, but instead, it supports and improves it. Integrating governance and compliance in an organization does not necessarily call for creating a large separate department, but adoption of one software system that is effective enough to manage all the required activities. Therefore, it is necessary to enforce governance and compliance in an organization because it leads to reduction in costs since most of the activities are done by one software system, thus minimizing expenditure on labor and other related costs. Governance and compliance helps to minimize duplication of activities. Through effective check-off systems, it is possible to avoid repetition of similar tasks which end up costing the organization unworthily. Such uncertainties and others are effectively handled, hence enabling the organization to focus more on the possible ways to achieve its goals and objectives while minimizing expenditure where possible. Another accrued benefit of governance and compliance is that it enables an organization to achieve greater information quality and safety (Weiss, 2016). Here, information is accessed by only the relevant personnel and this minimizes the cases of mishandling and sharing of data and information with the wrong people. Also, the system allows an organization to gather this information quickly and efficiently, thus enabling management to handle various uncertainties, problems and decisions in a sound manner.
Governance and compliance enables an organization to maintain and sustain its desired image in the eyes of the public, thus winning the loyalty of its customers as it appears to adhere to internal and external regulations set by the government and other regulatory bodies.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523-548.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees' adherence to information security policies: An exploratory field study. Information & management, 51(2), 217-224.
Weiss, T. G. (2016). Global Governance: Why? What? Whither? John Wiley & Sons.
Creating policies involves several steps to ensure a solid framework is in place for all employees to understand. Part of the policy framework is putting core principles in place that stretch across the entire document and are even shared across multiple policies. The importance of having policy principles is a general expression for executive level employees to have the company's core values and expectations explained as reinforcement to the policy framework. The principles will not be as detailed as the main body of the policy and take a general view without technical terminology to ensure all employees can understand the key components. This helps organize the document, keeping the core elements in mind while also having the opportunity to explain expectations including zero tolerance policies. A good example is in an internet usage policy where information can become clouded deeper in the policy, but the outlining principle explains that inappropriate internet usage will not be tolerated. It is a clearly defined expectation that there is zero tolerance to abusing the internet policy.
Having policies in place is a big part of maintaining security in an organization, but without governance of those policies ensuring compliance with the rules, having those policies in place does not make a difference. Governance is the plan and actions that will be carried out to make sure the policy is being complied with. If it is not enforced, then the organization is just using the policies as a show to make people believe standards are being followed. In some circumstances this will only hurt the company and its employees, but in others where compliance is required, this could hurt customers as well with a breach following non-compliance.
Johnson, R. Security Policies and Implementation Issues. [VitalSource Bookshelf]. Retrieved from https://online.vitalsource.com/#/books/97812840706…