Acceptable Use Rules
The king of all our policies is on acceptable use, since it must be attested to by every employee each year. Like any policy, it's not perfect, so it was due for some tweaks as well. For example, since that policy was last modified, employees have begun using remote-access software to tap into the PC they left at work from their homes, or anywhere else. I have now explicitly restricted the use of such software, which already violated our remote-access requirements for encryption and two-factor authentication.
Of course, sometimes a tweak isn't enough. I did have to create a new policy. This need arose from a recent acquisition, in which we assumed some 30 dedicated point-to-point VPN connections. We've never allowed such things, but they seemed the best way to allow newly acquired offshore workers to access code bases and other R&D sections on our internal network. The acquired company also had no policy, standards or guidelines for such connections, so I created what I called a "partner connectivity policy," specifying rules for them. With an entirely new policy in hand, I guess I'd better order pizza.
Sign up for CIO Asia eNewsletters.