IT security cannot remain in blissful ignorance Thursday 26 July 2007 PDF Print 26 July 2007 – NETconsent has today announced new research showing that professionals are risking their reputations by accepting Information and Communication Technology (ICT) policies without understanding the documents they are agreeing to. The poll, undertaken by NETconsent and The Federation Against Software Theft, highlights that 94% of members have ICT security policies in place at work, of which almost two thirds (60%) are updated at least once a year. While this is encouraging news, it is nullified by the fact that more than three quarters (77%) of respondents do not have a process in place to ensure these policies are understood. With just under half (44%) of respondents claiming that they lacked confidence in their colleagues understanding of ICT policies, organisations are increasing the risk of policy breaches. 40% of respondents admit that they have had to initiate disciplinary procedures as a result of a member of staff breaking ICT policies. The costs of such occurrences can escalate quickly; nearly three quarters (70%) of associated costs are spent on putting a case together and attending disciplinary hearings; diverting attention from other more strategic human resources (HR) functions. Dominic Saunders, NETconsent’s Operations Director, says: “It is surprising that such a high proportion of respondents have concerns surrounding their colleagues’ understanding of policies yet still don’t have a process to educate and test policy recognition. Effective policy management is fundamental to managing risk and improving compliance.” “Increasingly organisations are looking for practical ways of managing the policy management lifecycle to cut administration costs and protect themselves against litigation. Policy management tools like NETconsent, are fast becoming an essential application for those serious about demonstrating best practice and exemplary corporate governance.” “IT compliance is a legal requirement", states John Lovelock, Director General of The Federation Against Software Theft. "All Board Members must take their responsibilities seriously to ensure that organisations are complying with the law. Policies are an important communication tool not only to educate users and remind them of their rights, responsibilities and the consequences of their actions, but also to protect them." Other Key Findings include: Regular updates keep disciplinary hearings and tribunals down: Only 44% of respondents have an ICT policy that states how often that document should be reviewed and/or updated. Worryingly 10% of respondents would never update that document. Annual check-ups: Although 60% of respondents update ICT policies on an annual basis, almost a third of respondents have dealt with a disciplinary case within the past year. An executive summary (including statistical results for the poll) and recommendations can be downloaded at: www.netconsent.com/fast About the poll The results were taken from an online poll of the Federation Against Software Theft Corporate Services membership working in a range of sectors including technology, government and professional services, across a variety of company sizes. Additional responses from other organisations attending a security seminar run by its Information Technology Security Group are also included. About NETconsent NETconsent Ltd is a leading vendor of policy management and corporate communications software. By automating policy management, NETconsent reduces risk and audit problems. By ensuring that users have the opportunity to read and agree to all company policies, NETconsent helps organisations comply with legislation directives, industry regulations and avoid costly litigation. NETconsent Ltd is a UK company based in Camberley providing policy compliance across the public and private sectors. For more information on NETconsent, visit www.netconsent.com/FAST About The Federation The Federation Against Software Theft became the world’s first software anti-piracy organisation when it was set up in 1984 to lobby Parliament for changes to the copyright law. The FAST Information Technology Security Group was established to advise members on how best to provide a secure and efficient environment for the workplace. The purpose of the Group is to work within The Federation to provide expert knowledge of security products and services to FAST members, as well as the wider IT user audience in general. For more information on The Federation, visit www.fast.org.uk - Ends - For further information please contact: Lorna Thompson / Sophie Orlando Octopus Communications for NETconsent T: +44 (0)8453 200511 E: NETconsent@octopuscomms.net This press release was distributed by ResponseSource Press Release Wire on behalf of Octopus Communications in the following categories: Business & Finance, Education & Human Resources, Public Sector, Third Sector & Legal, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.