Assessment Event 1

Contribute to copyright, ethics and privacy in an

ICT environment
Short answer questions - Theory questions12
1.12

Describe two (2) methods that the organisation might use to ensure their policies and procedures are
being effectively implemented, one of which must relate specifically to the implementation of system
security.  

Tips: 

 This relates to once staff have been informed of the changes 

 You must specifically address how will the business be sure the changes are actually being
put into practice.

Your answer
 Create clear, meaningful policy statements. Identify the systems that contain relevant data that
need to be connected to the controlling system. Add machines to the system configuration list. Be
aware of the file system’s hierarchy and how this affects users’ access to files within directories. In
Secure Perspective, map resources to data assets, actors to user profiles, and actions to system
actions.
 Train employees in policies and procedures: provide adequate information, instruction, supervision
and training to employees to ensure policies and procedures are being effectively implemented.
Ensure that new employees and contractors are trained and familiar with the policies and
procedures, and existing staff receive appropriate training, e.g. annual refresher courses.
Assume that a new Privacy Policy for IT Consultants is being implemented, it will result in changes to
work practices. Provide two (2) recommendations for how the staff of IT Consultants might effectively
be informed of changes to the Privacy Policy and how they will affect undertaking their work.  

Your answer
By sending the privacy policy to all staff in their email.
By arranging a meeting and discuss the policy changes and giving a copy of that policy to all staff members.