IT Policies Overview

1 minute read


This is a guide on different IT Policies you can you use in your department.

To Resolve:

  1. Change Management Policy => A policy for changes which should have procedures. Should include: Change authorization, testing, approval, monitoring, and segregation of incompatible duties.

  2. General Policies => A policy for Anti-Virus management, vendors, firewalls, etc.

  3. Password Policies => A policy for Active Directory, servers, workstations, and applications.

  4. Priviliged Users Policy => A policy which lists which users have administrative rights or anything above a regular user for all systems and applications.

  5. Access Control Policy => A policy which restricts users to their departments. Ex: Local admin accounts for support, DBA’s to their Databases, etc.

  6. Access Authorization Policy => A policy for creation, modification, and deletion of users and a periodic review of users access rights. This should be split between departments.

  7. Physical Hardware Policy => A policy for best practice standards and workstation use standards.

  8. Segregation of Incompatible Duties Policy => A policy to ensure authority is given to those in specific roles and lists each roles and their scope.

  9. Backup Policy => A policy on how backups should be done, stored, logged, and tested.

  10. Task Scheduling Policy => A policy documenting all automation tasks. Should include: Schedule, impact to the environment, expected outcomes, logging, and alerts.

  11. Incident Management Policy => A policy documenting all policies and the set of procedures to be followed in resolving them. Should be a ticketing method, urgency tiers, internal OLA’s and external SLA’s.

  12. Security Policy => All security controls in one document for legal to review.

  13. User Agreement Policy => A policy which is a condensed version of all other policies in one or two pages for end users to sign and agree to.

  14. Platform Configuration Policy => A policy listing recommended hardware and software requirements. Should include:

For Hardware: Minimum hard drive, memory, processor requirements.

For Software: Recommended Operating Systems, User accounts, Anti-Virus software, Auditing and logging, etc.