
Software for Policy Management and Compliance



21/11/2007
HMRC fiasco over security policy and procedures is an accident waiting to happen for numerous organisations

Antiquated systems fail to communicate key procedures or track employee comprehension and agreement

In the light of the major breach of security procedures at HM Revenue and Customs (HMRC) for transferring confidential data, PolicyMatter Ltd, the market-leading policy management software house, today challenged organizations across the UK to take stock of the effectiveness of their systems for communicating and tracking policy awareness.

The background is that on October 18, a junior civil servant at the Child Benefit offices in Tyne and Wear sent two CDs, password-protected but not encrypted, containing the government's entire database of child benefit claimants, including the bank details of 7.25 million people, to the National Audit Office. The two CDs never arrived, and are believed to have gone missing.

The immediate response has been to focus on the breakdown in controls and breach of policy that allowed this to happen. However, Chris Heslop, PolicyMatter Managing Director, says that a collapse of policy and procedure of this nature should come as no surprise. “For many organisations, the approach to security policy management is incomplete. Yes, policies have been drafted and approved. Yes, IT systems have been put in place to make sure breaches may be detected. But the security cycle has one glaring, gaping hole remaining – the ability to ensure that staff have read, understood and agreed to the policy. It’s a fundamental ‘people problem’. Without the ability to address this challenge, any security system will struggle.”

PolicyMatter’s extensive experience in implementing comprehensive policy management solutions for organizations in both the public and private sector provides a clear insight into the problem. “Even today, many businesses or public sector bodies with massive obligations to customers or the public are still relying on outdated and inefficient methods of policy communication, such as posting policies to the Intranet or burying them in dusty handbooks,” added Heslop. “Policies are ignored, never read, and defy most realistic methods of tracking who has actually looked at and understood them. The HMRC disaster was an accident waiting to happen, and organizations across the company should take stock of their ability to prevent a similar disaster befalling them.”

For more information visit www.policymatter.com

