T +44 (0)870 2403 620 E info@policymatter.com

Software for Policy Management and Compliance

News


19/11/2007
PolicyMatter calls for a fresh look at implementation strategies for PCI DSS information security policies

Ineffectual approaches to communicating and auditing key policies threaten to undermine strategic and essential security programmes.

PolicyMatter Ltd, the market-leading policy management software house, today called for organizations committed to PCI programmes to take a new approach to communicating and tracking the policies defining their information security strategies. By persevering with outdated and inefficient systems, the companies most keenly affected by PCI issues are increasingly those most at risk.

On the basis of a growing installed base in the retail and financial services sectors, PolicyMatter believes that now, more than ever, a more effective approach is called for if employees are to be sure of their information security responsibilities and the steps they are required to follow.

“There’s a whole section of the Payment Card Industry (PCI) Data Security Standard dedicated to information security policies for employees and contractors,” said PolicyMatter Managing Director Chris Heslop. “That in itself is good. The industry is right to be raising policy compliance as a key business issue that cannot be ignored. What’s disappointing, to say the least, is that it shies away from demanding really effective approaches - ‘educate employees … by letters, posters, memos, meetings, and promotions’. These are ineffectual and discredited methods from yesterday, and wholly inadequate for facing up to the challenges of tomorrow.”

PolicyMatter’s position is reinforced by being able to claim a number of leading retail, commercial and financial organizations as its customers. Rather than relying on printed material, handbooks, induction schemes or Intranets, which can variously turn out to be ineffective, easily ignored or resistant to change, they have used PolicyMatter’s flexible and customer-orientated approach to make policy communication effective, unavoidable and simple to monitor. Delivered either as a managed service or as a solution that automatically identifies and communicates information to targeted employees, PolicyMatter ensures staff receive, read, understand and sign up to policies.

“The PCI DSS has implications for a growing number of commercial organizations,” added Chris Heslop. “Most businesses have already taken the first step of drafting and creating their information security policies. However, to avoid wasting that effort, they’re going to need to look at new approaches for communicating and tracking policies, and that’s where PolicyMatter can help.”

