Writing a Good Security Policy

You may or may not have someone in your organization assigned to security. You may be the person who handles any security concerns. But if you don’t involve all of your employees, the best security plans in the world can fall apart.

There’s no point in having strong doors if your employees prop them open for ease in getting in and out of the building. Computer passwords are useless if everyone posts them on their bulletin boards to help them remember. Straightforward policies that are explained and enforced are important in any business, no matter what size or type. Here are some ideas to consider as you start building a policy to keep everyone in your company, as well as office, restaurant or store property, safe.

Think simple.

This is no time for lawyer-speak. It’s not about protecting you from liability as much as it is about protecting against problems occurring in the first place. Everyone needs to understand.

Think complete.

Security includes property, employee, customer and data safety, not necessarily in that order. Your policy should address every area.

Think “what if.”

One good way to involve your employees is to ask for their help in considering as many contingencies as they can think of and security policies that will reduce or eliminate risks.

Think check-lists.

In hospitals, medical personnel – even those with years of experience – found that using checklists significantly reduced the number of errors or omissions. Creating one or several checklists helps to ensure that security doesn’t start to slip over time.

Think measurement.

You need to make sure your policy works. The best way to do that is to set defined expectations and then measure them. This encourages everyone to keep track of security issues on a regular basis.

Think accountability.

Make sure all security responsibilities are assigned to specific people. This limits the opportunity for excuses later and encourages employees to take their role in company security seriously.

Think consequences.

Violating the security policy is not an excusable offence. When you outline the policy, also outline the consequences for not following it. Make sure the consequences are real and that you apply them without exception. The first time you let something go, your policy has lost its power.

Think current.

Last year’s policy may not cover new problems or concerns. Be sure to review your policy once a year, or if something changes such as a move to a new building or opening a branch office.

Just do it.

Don’t rush through on your policy or let it slide down the priority list as other business issues surface. The requirements of running a business at the moment always seem to trump the need to address long-term concerns. You just don’t want to be that company that has a serious problem because you never found time to address the policies you need.

About Alarmingly Affordable

If you have a strategic plan, make sure writing your security policy is in there, with deadlines and milestones. Give this effort as much respect as you give your bread-and-butter work. This is not an attempt at scare-mongering, but too many companies have ended up in trouble by ignoring security issues. Make a commitment to safety and your organization can only benefit. As always, the professionals at Alarmingly Affordable are available for guidance and resources in this regard. Call us today to get started.

Steven Capogna
Follow Us