Drafting Effective Security Policies
A workshop for Security professionals who write rules
Every organization needs Security policies and standards to help safeguard the organization’s human, financial, and physical resources. This hands-on workshop leads Security professionals through the steps required to shift their organization’s policy writing culture from confrontational to cooperative.
Session Outline (6 HOURS)
1. Topics Include
- establishing a policy framework and policy document types
- selecting appropriate content
- removing overly aggressive language
- determining standard elements
- identifying common policy writing errors.
Participants leave this workshop knowing:
- how to determine what belongs in a Security policy instrument and what doesn’t
- the best way to organize Security policies, directives, standards, and guidelines
- how to word Security rules in a way that’s respectful to the people affected
- how to approach a policy renewal exercise
2. Agenda
- Goals of Security policies
- Characteristics of good Security policy instruments
Policy frameworks
- Foundational documents
- Distinguishing Authorities from Guidance
- Distinguishing policies from directives, guidelines, standards and procedures
Policy statements
- Choosing the right content
- Choosing the right language
- Words and phrases to avoid
Policy components
- Standard elements
- Terminology and style guides
- Cross-referencing other documents
- Best practices
Moving forward
- Fixing bad policy documents
- Developing an action plan for policy refresh
3. Participants At The Workshop Will Leave With
- a Documentation Framework and standardized list of document instrument types
- a roadmap of foundational activities to be completed
- a Policy Suite Health Diagnostic checklist
- a standard policy template
- a softcover copy of the book How to Write Rules That People Want to Follow