Chapter 18. Using Technology to Enforce Policy

An organization's Information Management policies and procedures can be divided into those that require manual auditing, monitoring, and enforcement to ensure compliance, and those that can be automatically monitored and enforced using information technology. For example, an e-mail policy that restricts e-mail attachments to 2 MB can be enforced easily by configuring the e-mail server to reject larger attachments. In much the same way, a policy statement that requires employees to "encrypt all e-mail sent outside the company" clearly relies upon the proper configuration and management of an encryption system. If the system is not available or useable, employees cannot comply with the policy.

This section focuses on the latter category of policies and procedures, and explores techniques that all organizations should be aware of when endeavoring to ensure that such directives are effectively and consistently enforced.

Which Directives Can Be Automatically Enforced?

Organizations should anticipate the kinds of Information Management program violations they are likely to face, and how they will address such violations when they occur. An exercise that can be helpful in this regard is identifying those policy elements that can be enforced automatically through proper configuration and management of information technology. We use the term automatically with caution here, because all technology, no matter how advanced or sophisticated, still ...

From Information Nation: Seven Keys to Information Management Compliance, Second Edition.