


This might not be the optimal forum for this discussion.

You might take a look at how ISO is structured. I only know how it got set up where I work. We have one of the ISO9000 variants, not computer security ISO17799 (or BS7799) and ISO27001. From a computer integrity perspective, ISO9000 is a joke. It controls the layout and appearance of reports, not the accuracy of the data there.

There is one manual that heads of departments have. It spells out in general terms what the company policies are, who may change which ones, with QC having the responsibility to maintain the manuals. Many policies are statements of goals, that can be stated on one piece of paper. Signatures on the bottom by top managers. Some of these are framed in the reception area.

There are more detailed manuals by department that have the procedures for implementing the policies, or getting the job done regardless of policies, and these have more widespread access by people in each dept. Typically the head of a dept has both the general policy manual and the detailed manual for that dept.

In my experience, the vast majority of personnel are ignorant of corporate policies; they just know how to do their job. People learn how to do the job from Post-it notes left by prior workers, who in turn learned the job from a smaller earlier collection of Post-it notes left by the person before them. There is a total disconnect between the top of the company and the rank & file. The top of the company does not know what the rank & file is doing. The rank & file has no idea about policies, strategic plans, etc.

There is a manual out of HR that all employees receive, called the employee handbook. We had to sign some paper acknowledging that we had received it and read it. Periodically there are amendments & insertions that also come with similar acknowledgement forms. It is a good job we have those periodic updates, since it reminds us to figure out where we put that manual, and review it once in a while.

That was the theory, but with turnover in QC & HR offices, and turnover of management, a lot of the detail has been abandoned.

Some top managers seem to think that because we have a computer system we are something special, so the computer room is included on "tours". Of course, rules that apply to the rank & file (no unattended visitors wandering our facility) do not apply to the guests of top managers, such as little children.

Over time, we evolved some security rules.
Then we got bought out by another company & the rules changed.
Whatever managers at the owner company ask for, we are to deliver, period.
This includes a lot of stuff that increases overall security risks.

We've just started formally documenting our iSeries security policies and procedures in order to become compliant with some security standards and regulations. Management wants to include policies AND detailed step-by-step procedures in the same document and I maintain that it's important to keep the policy separate from the procedures.

Granted, when we're all finished, we could cut and paste all the policy into a separate document so maybe it really doesn't make a difference.

Your comments will be appreciated.

Thanks,

Bryan Burns
iSeries Specialist




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
