But half-measures still risk policy ineffectiveness
12/02/04, UK: Following a number of high-profile email and internet abuse scandals, research from corporate compliance and security software company, PolicyMatter, suggests that the majority of UK organisations are now taking steps to address the legal risks of IT misuse. In a study of over 200 UK organisations(*1), PolicyMatter found that 87 per cent of firms had implemented or revised their Acceptable Use Policy (AUP) in the last twelve months.
The survey showed that the key driver to create an AUP, cited by 77 per cent of respondents, was “reduced legal liability”. Twenty-four per cent of policy managers wanted to “protect the organisation’s reputation”; 13 per cent saw AUPs as a way to “avoid costly tribunals” and seven per cent cited the need to “prevent IT damage”. Only one per cent of respondents considered “reduced loss in productivity” as a key benefit of their organisation’s AUP(*2).
PolicyMatter spokesperson, Matt Fisher, said: “The majority of UK organisations seem to have got the message about the legal risks of internet and email misuse – at least in part. However, while there is a move to get policies in place, there is still a definite lack of clarity as to how to best communicate them to staff.”
The research found that hard copy documents were by far the most common means for deploying AUPs to employees. Forty-nine per cent of organisations distributed individual policy documents to employees, while 33 per cent used a printed handbook. Of those organisations using electronic media, 14 per cent chose the firm’s intranet, while just 4 per cent sent policy by email.
Looking more closely at policy ‘effectiveness’, only 26 per cent of organisations questioned believed that their procedures were good enough to ensure that employees fully understood the policies presented to them.
Fisher explained why this should be worrying: “The most effective way to reduce the legal risk of computer misuse is to shape positive user behaviour. But you can’t expect users to behave in a particular way if you don’t even know if they have read and understood the Acceptable Use Policy. Requiring employees to legally sign-up to your AUP needn’t be as laborious as it sounds – and is guaranteed to ensure that the policy is taken more seriously by employees who might otherwise think they can ‘get away with it’.”
~ Ends ~
*1– Organisations of 250 employees and above
*2 – Multiple selections were allowed, so percentages when totalled exceed 100
PolicyMatter addresses several of the key challenges facing organisations (such as, information security, regulatory and legislative compliance, and corporate governance) by ensuring that mission-critical policies are effectively communicated to employees. PolicyMatter policies cannot be deleted or ignored by employees, who must also demonstrate an understanding of the information before making a legally-binding agreement to accept it. A joint venture between software vendor, Extend Technologies, and law firm Morgan Cole, PolicyMatter is already in use with private and public sector organisations in the UK.
For further information, contact Matt Fisher on 08702 403620
This press release was distributed by ResponseSource Press Release Wire on behalf of Extend Technologies in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.