Week 22
K1.22 The relationship between organisational policies and procedures and risk mitigation:
Organisational policies and procedures help reduce risk by setting clear rules, responsibilities, and standard practices for staff and systems.
They support digital security, health and safety, and legal compliance.
By following these structured rules, organisations can:
- Prevent incidents
- Detect issues early
- Respond quickly to minimise damage
Key Organisational Policies and Their Role in Risk Mitigation
Digital Use Policy
Outlines how technology should be used by employees. It contains standard operating procedures (SOPs) that protect digital infrastructure and reduce human error.
| Procedure Area | Risk Mitigated | Example |
|---|---|---|
| Network Usage and Control | Prevents slowdowns or malicious traffic | Monitor bandwidth, detect unusual behaviour |
| Internet Usage | Stops access to harmful or distracting websites | Block social media or unverified download sites |
| Bring Your Own Device (BYOD) | Reduces risk of infection or data leaks from personal devices | Enforce antivirus installation on personal phones |
| Working from Home (WFH) | Ensures secure and safe home setups | DSE assessments, VPN access |
| Password Renewal | Protects against long-term password compromise | Require password updates every 60 days |
| Software Usage | Ensures only secure and up-to-date apps are used | Disallow unauthorised software, enforce updates |
Impact: These policies reduce digital threats by limiting how systems are accessed and used.
Health and Safety Policy
Protects staff from physical harm and reduces business liability. It also ensures compliance with health and safety laws.
| Procedure Area | Risk Mitigated | Example |
|---|---|---|
| Lone Working | Reduces risk of harm when working alone | Require check-ins or buddy systems |
| Manual Handling | Prevents injury when lifting IT equipment | Train staff on safe lifting of servers or monitors |
| Working at Height | Avoids accidents when installing or repairing equipment | Use ladders and safety procedures |
| Fire Safety | Minimises fire-related injury or damage | Provide staff training and exit procedures |
| RIDDOR Compliance (2013) | Ensures reporting of injuries or hazards | Report electric shock from faulty cables |
Impact: These procedures help maintain a safe working environment for IT professionals and users.
Change Procedure
Controls how changes to IT systems (like updates, installations or network adjustments) are approved and recorded.
| How It Helps Mitigate Risk |
|---|
| Prevents unauthorised or untested system changes |
| Ensures documentation for rollback if problems occur |
| Supports planning and testing of updates before deployment |
Without this, rushed or undocumented changes could introduce vulnerabilities or system failures.
Auditing of Policies and SOPs
Regularly checks whether policies and procedures are being followed.
| How It Helps Mitigate Risk |
|---|
| Ensures continued compliance with policies |
| Identifies gaps or weaknesses in controls |
| Enables organisations to update policies based on new risks or technologies |
For example, audits might uncover that users aren’t updating their passwords – prompting training or automation.
Policy to Protection
Scenario:
You’ve joined a company as an IT technician. You need to help a new employee understand how company rules help protect systems and people.
Task:
1. Match each risk below to the correct policy or procedure:
   - Risk of data theft from personal phones
   - Risk of injury when lifting a server
   - Risk of staff ignoring update reminders
   - Risk of applying a faulty update to live systems
2. For each match, explain how the policy or SOP helps reduce the risk.
Extension: Suggest one new policy that could help mitigate a modern threat like AI phishing or deepfake fraud.
A Game of Risk
Peer review the risk strategy and update it following feedback. All risk strategies are collected in and each one is discussed in turn, highlighting the security controls that could be implemented and how each would mitigate the risk (for example, removing software or reducing web access). The task is tutor-led to ensure all of the following are explored:
- Boundary firewalls and gateways.
- Secure configurations.
- Malware protection.
- Patch management.
- Access control.
Last Updated
2025-07-14 13:17:56