How has your Information Security Policy coped with the rise of SaaS solutions?

2020/01/17

As we roll into 2020, many people are pausing to reflect on 2019 and what they achieved personally and professionally, and are setting goals for 2020.

Now would also be a good time to consider: “Have our Information Security Policy and Standards stood the test of time? Are they appropriate for SaaS solutions?”

Technical staff are often prompted, or have KPIs, to update the low-level procedures, but many companies forget that policies and standards are living artifacts that need to be reviewed and updated to ensure that they’re in line with the risk appetite and the changing operating environment.

Example:

  • Security policy requires all users to have named user accounts.
  • Access management standard (from 2012) specifies Active Directory accounts with a UserID format of Domain/ABC1234.
  • Account provisioning procedure creates ServiceNow accounts with email address as the UserID.

This standard is incompatible with most modern SaaS solutions and needs to be updated to reflect the changing operating environment.

Under ISO 27001 and CPS234, an organization is required to have an active Information Security program. This includes actively reviewing and updating your policies. Take the time to schedule a review in 2020.

Copyright Detexian 2020 All Rights Reserved