IT Policy & Procedure


At the centre of the control environment for an organisation's technology must sit a comprehensive yet understandable set of IT policies controlling the behaviour of administrators, management and users of systems. Comprehensive and effective IT policies need to be understandable and provide clear direction and guidelines to users on the requirements and criteria which must be met in the operation, use and security of the organisation's IT systems.

Organisations are increasingly moving towards establishing robust Information Security Management Systems (ISMS) as a means of protecting an organisation's IT assets, infrastructure and systems, at the core of which is defensible and structured IT policy suitable to the business environment in which it is implemented. ISO 27001 has a core set of assessable elements, one of which is the establishment of sound and defensible IT policy frameworks for those organisations looking to gain certification over the governance of their ISMS.

Vestinex is adept at providing advice and review services in respect of all elements surrounding IT policy and does not employ a “one size fits all” approach. It is critical, in our view, to understand the business environment prior to establishing policy and IT controls, so that they provide the requisite operational functionality together with the required security and user requirements upon which any policy should be based.

Alternatively, and at an investigative level, policies are critical to the success of investigations into misconduct and misuse of IT systems. They must provide a defensible basis upon which to assess compliance with, or transgressions of, policy and upon which to implement actions against staff who transgress policies, intentionally or otherwise.