Your IT policies are not like rotisserie ovens; you can’t just ‘set and forget’ them. But how often should you review and update them? Here’s our recommendation.
In general, we recommend reviewing all your IT policies at least annually. It can be your new New Year’s tradition.
Now, for example, is a good time to review your policies around data management and IT security. Why? Because the General Data Protection Regulation (GDPR) comes into full effect in May. Your business must comply with GDPR requirements by 25th May 2018, or face penalties. One requirement is to inform customers of a data breach within 72 hours of its discovery. Do your policies reflect this? If not, it’s time for an update.
If you don’t adapt to the changing IT security landscape, you can quickly find your policies are inadequate. Reviewing and updating each year will help ensure you’re aligned with current best practices and compliance standards.
As stated, we recommend reviewing your IT policies at least annually. But that doesn’t mean that there aren’t other circumstances which may warrant a review.
Here are a few situations which may require you to review, and potentially update, your IT policies:
Whenever your business (or business needs) change, you need to ensure your IT policies keep up with them. This can be difficult, so it helps to ask yourself the following questions while reviewing:
We’re not saying you need to revolutionise your IT policies every single year, or with every little change to the business that may happen along the way. Rather, we encourage you to take a breath, take stock, and ensure that everything is fully up to date. Because if it’s not, your business isn’t just left behind. It’s at risk.