Application Development Policy: Your organization uses many software applications, some that you purchased, and some that you may have developed yourself. Your IT governance policy for these applications must ensure that only authorized personnel have access to them, that they are not copied or redistributed illegitimately, and so on. As a lot of the process depends upon setting and using passwords, your policy on passwords must be detailed and take into account all factors. The Application Development Policy Template is a compilation of several factors which may be important for you while setting or amending policy.

Data Security Policy: The policies that you set in place to secure your organization’s data will stand as a benchmark of your ability to decide policy. Hence this is one policy document you need to pay very careful attention to.

Some points you may wish to keep in mind:

1.Restrict special system privileges, such as the ability to examine the files of other users, to those directly responsible for system management and security.

2.Define user privileges such that ordinary users cannot gain access to the private data of other users.

3.Assign user-IDs to specific individuals, grant group user-IDs for certain shared property only adequate security mechanisms in place.

4.Ensure that all activities of system administrators such as user-ID creation and privilege changes are securely logged and reflected in periodic management reports.

5.Have a mechanism to monitor access privileges associated with a user account (ID), such that those privileges are revoked if the user is no longer eligible for those privileges.

The Data Security Policy Template can be used by you to draw up your organization’s comprehensive policy statement.

Email Security Policy: As much of corporate communications now happen over email, how you allocate privileges to employees who have official email accounts, will matter a lot. Your policy must aim to prevent abuse of the email privileges, and also prevent leakage of critical corporate data through adequate monitoring.

Some points to consider:

1.As all official emails are company, assert the right to monitor their contents.
2.Ensure all mails are scanned for viruses.
3.Prevent abuse of email privileges for unethical or offensive purposes.

You can refer to the Email Security Policy Template as a reference for drawing up your own comprehensive policy.