IT POLICY
WHY “IT POLICY”!
• Liable for the acts of Employees and Agents etc.
◦ Strict Liability
◦ Vicarious Liability
• Data
◦ Protection and
◦ Secrecy
• Are the norm of the day.
“A policy is a statement that reflects the moral,
ethical and legal position of an organization with
regards to particular issue or activity”.
Policies depend on:
• Size of the company,
• Sensitivity of the information
• Type of information that the business handles.
Security of data and information throughout the
service life cycle is crucial to every organization's
survival.
• Email and Internet Usage
• Laptop/Desktop Usage
• Hardware Usage
• Security of Computer Network
◦ System Access
◦ Virus Protection
◦ Installation Rights
• System Backup and Maintenance
• Third Party and Remote Access
WHY “IT POLICY”! .. Continued..
A company's valuable IP assets include:
◦ Patents
◦ Designs
◦ Copyrights
◦ Trade Secrets (Unpatented)
◦ Customer Data
◦ Business Data
◦ Third Party Data
◦ Formulas
◦ Source Code
◦ Employee Information
LEGAL & CONTRACTUAL
OBLIGATION OF A COMPANY!
A company is UNDER LAW obliged to protect sensitive personal data of its
customers and employees.
◦ Reference:
• Information Technology Act, 2000
• Holds the Company liable
• Civil action - compensation under Section 43A
• Criminal action - punishment under Section 72A
if they fail to protect any sensitive personal data that they own.
A Company may be held liable
• To pay Compensation
or
• Criminal Prosecution
For
• Negligence in handling of data, or any information
leading to DEFAMATION
• Use of unauthorized or pirated software
• Criminal prosecution under the IT Act, 2000, which deals with
cybercrime and electronic commerce and is based on the UN, includes:
◦ Tampering in source documents-
◦ Sending offensive messages through
Computer & Communication devices
◦ Punishment for identity theft-
◦ Cheating by impersonation-
◦ Violation of privacy by use of electronic
means of a company-
◦ Publication or transmission of obscene
material in electronic form-
IT Resources of the Company may Include
Information technology means & includes:
• computers,
• computer-based networks,
• computer peripherals,
• operating systems,
• e-mail,
• Intranet,
• any software made available by a Company
for the purpose of supporting its goals or providing quality
services to customers, or increasing shareholder value and fostering
employment satisfaction.
ADVANTAGES OF IT POLICY
Implementing IT policies within your organization helps in:
• Time Management
• Employer & Employee Relationship
• Customer Relationship
• Reducing the risk of pirated and unauthorized usage.
• Bandwidth Protection
◦ Authorized use of Company network and resources.
ADVANTAGES OF IT POLICY- cont’d
• Minimize potential risks to your business
• Create a framework for your employees to
operate within.
• Ensure the organization is in a state of compliance
• Elimination of fraud and waste.
• IT policies must align with business policies.
OBJECTIVE & PURPOSE OF
INFORMATION TECHNOLOGY POLICY
Information Technology policy intends to:
• Establish a culture of security and trust for all employees;
• Establish guidelines governing proper use of IT and Internet by
all employees;
◦ Improvement of efficiency and performance
◦ Control Internet usage;
Contd…
OBJECTIVE & PURPOSE OF
INFORMATION TECHNOLOGY POLICY….
• To supplement, not replace, all existing laws, regulations,
agreements, and contracts;
• Preserve the integrity of the information technology systems;
• Protect IT systems against accidents, failures
or improper use;
• Reserve the right to access confidential data;
Contd…
• Reserve and limit the right to copy, remove or alter any data,
file or system resources;
• Maintain a high level of professionalism in keeping
with Code of Ethics;
• Maintain Company’s reputation among trade and
public.
• Most of our communications are now electronic.
• Recipients of electronic documents like
◦ agents,
◦ distributors,
◦ customers etc.
need the source and authenticity
of the documents or messages.
• Satisfy audit requirements
Contd…
• Assist in compliance with applicable
◦ Laws
◦ Regulations
◦ Guidelines and recommendations
• Mitigate risk from a security incident
• Educate users on sound security
practices
• Reduce legal risk
INTRUSIONS ARE NOT ALWAYS AS OBVIOUS AS THIS EXAMPLE
Espionage
Employees falling into a trap and
passing sensitive and secure data of
the company.
Harassment
Viewing inappropriate content, such as
hate or violence, can create an
environment that is hostile and offensive
for co-workers, and can damage the company's
reputation.
Productivity
Frequent online browsing,
shopping, and chatting can get
in the way of getting the work
done, and often leads to
resentment from the coworkers
Viruses
Some websites can lead to
viruses, spyware, or other
malicious software getting into
the network.
Service Interruptions
Large downloads and
streaming audio and video can
suck up network resources
that other employees need to
do work and service customers.
• All
◦ Directors,
◦ Employees,
◦ Part-time employees,
◦ Industrial Trainees,
◦ Contractors,
◦ Agents,
◦ Anyone in the organization directly or indirectly
associated with conducting business within the
organization.
1. Communication Skills: if you want to
succeed.
2. Benchmarking: Comparing your
performance with the best.
4. Safety in Teams: Every business wants a
safe environment for its staff.
5. Tolerance in the Workplace: The challenge
of the 21st-century workplace. Learn how to help
others be more tolerant, and find out when you
need to "draw the line."
6. Innovation: The desire and ability of the company to
venture into new, breakthrough areas of opportunity and
produce record-setting results in various fields.
7. Quality of Services: in terms of presentation,
functionality, value, speed, timeliness, reliability, courtesy,
friendliness, etc.
8. IT security roles, policies and
procedures: management and security actions must be in
line with business requirements.
9. Confidentiality: Information can be accessed only by
authorized users. Ensure business transactions and
information exchanges can be trusted.
1. COBIT
2. Risk Management
3. Security
4. Internet Security, Acceptable use & email
usage policies
5. Benchmarking
• Control Objectives for Information and Related
Technology (COBIT) helps:
◦ optimize IT investments,
◦ ensure service delivery,
◦ and provide a measure to check when things do
go wrong.
• Since COBIT is a set of IT best practices and the
framework for IT governance, it helps organizations
understand and manage the risks and benefits associated with IT.
COBIT subdivides IT into four domains:
• Plan and Organize (PO)
• Acquire and Implement (AI)
• Deliver and Support (DS)
• Monitor and Evaluate (ME)
