Infosec policy acknowledgement tends to become an urgent topic at the most inconvenient of times. During an audit, when your team realizes that new-hires haven't always been asked to sign all of the necessary policies. During a response to an enterprise security questionnaire, when a procurement director asks to see the paper trail demonstrating that your team is committed to the policies as-stated. Or worse, during litigation. We'll leave that last one right there, without elaborating.
Here, we'll delve into what's changed with regard to infosec policy acknowledgement, on a Before vs During COVID basis.
Prior to COVID, many small businesses used what I'll refer to as a do-it-yourself (DIY) policy acknowledgement process. This isn't the kind of DIY project where the finished product is a beautifully shiplapped wall to adorn a clever nook in your home. It's the kind of DIY project that involves some aging policy acknowledgements getting scanned in from paper copies, some e-Signatures from one or more signature providers over the years, and (yes) some cases of walking straight up to a laggard and asking if they wouldn't mind signing the document today (by any means available)... because the person is the very last one that hasn't done it yet.
Yes, many small businesses had a special kind of chaos when it came to infosec policy acknowledgement, pre-COVID. But ever since COVID? You don't want to know.
Because we tend to get involved when companies feel the pain of aging cybersecurity processes and tools, we've seen it all. We've seen companies whose policy acknowledgements are in word documents with signatures "drawn" via mouse or trackpad. We've seen barely-legible PDFs of scanned-in paper documents. We've seen unfiled/unsorted Google Drive folders containing "all" of the signed policy documents.
In the COVID era, many companies who were struggling to hold together their DIY policy acknowledgement approach, finally hit the breaking point. The geographic distribution of remote teams, the inability to walk up to a laggard and specifically raise the topic for immediate resolution, and the chaos of pre-existing filing systems all contributed to companies deciding that it was time to graduate to something better.
If you've read this far, there is a good chance that you are in that exact situation. So, as the trusted cybersecurity partner for a great many small businesses, let me point out some of the basics that should be a part of your online policy acknowledgement processes (and yes, you really should use Havoc Shield):
Our online policy management system at Havoc Shield does all of the above and more. Interested in learning more? Drop us a line anytime; we're standing by!