{"id":211588,"date":"2021-03-26T15:00:26","date_gmt":"2021-03-26T12:00:26","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/your-must-have-policies-cloudsavvy-it\/"},"modified":"2021-03-26T15:00:26","modified_gmt":"2021-03-26T12:00:26","slug":"your-must-have-policies-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/your-must-have-policies-cloudsavvy-it\/","title":{"rendered":"#Your Must-Have Policies \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2fc1a7995b9\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2fc1a7995b9\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/your-must-have-policies-cloudsavvy-it\/#The_Exciting_World_of_IT_Governance\" >The Exciting World of IT Governance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/your-must-have-policies-cloudsavvy-it\/#The_Critical_Policies\" >The Critical Policies<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/your-must-have-policies-cloudsavvy-it\/#Acceptable_Use_Policy\" >Acceptable Use Policy<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/your-must-have-policies-cloudsavvy-it\/#Data_Classification_Policy\" >Data Classification Policy<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/your-must-have-policies-cloudsavvy-it\/#Information_Security_Policy\" >Information Security Policy<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/your-must-have-policies-cloudsavvy-it\/#Password_Policy\" >Password Policy<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/your-must-have-policies-cloudsavvy-it\/#Incident_Response_Plan\" >Incident Response Plan<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/your-must-have-policies-cloudsavvy-it\/#Rolling_The_Policies_Out\" >Rolling The Policies Out<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#Your Must-Have Policies \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 650px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-10354 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/8400e808f5ede4814287ec5e20c2eb91\/p\/uploads\/2021\/03\/9b33b420.png\" alt=\"\" width=\"650\" height=\"325\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/macro-photo-tooth-wheels-compliance-regulations-635952077\" data-credittext=\"Shutterstock\/EtiAmmos\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/macro-photo-tooth-wheels-compliance-regulations-635952077\">Shutterstock\/EtiAmmos<\/a><\/span><\/figcaption><\/figure>\n<p>Policies and procedures aren\u2019t captivating, but they are critical to maintaining your security through the correct use of your systems. Here are the must-have policies that you require in 2021.<\/p>\n<h2 id=\"the-exciting-world-of-it-governance\"><span class=\"ez-toc-section\" id=\"The_Exciting_World_of_IT_Governance\"><\/span>The Exciting World of IT Governance<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>IT governance is about putting in place a suite of policies and procedures that your workforce follows when they\u2019re accessing an IT resource. The documentation forms a <em>governance framework<\/em> that provides instruction and guidance to your employees. If your staff adhere to the policies they\u2019ll use your IT equipment in the way you\u2019ve prescribed.<\/p>\n<p>Sometimes data protection legislation such as the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32016R0679&amp;qid=1600605964569&amp;from=EN\">General Data Protection Regulation<\/a>\u00a0(GDPR) requires you to have certain procedures and policies in place. If you have chosen to conform to a standard such as\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.iso.org\/isoiec-27001-information-security.html\">ISO 27001<\/a>\u00a0there will be a mandatory set of governance put into place so that you comply with the standard.<\/p>\n<p>It\u2019s a simple principle. You decide how you want things to be done, document it, and everyone adheres to the stipulations within the documents. It\u2019s just like a miniature legal system. A set of laws are decided, documented, and come into force.<\/p>\n<p>Developing, reviewing, and maintaining policies and procedures isn\u2019t glamorous and it\u2019s certainly not exciting. But it is critical.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"The_Critical_Policies\"><\/span>The Critical Policies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Even if data protection legislation doesn\u2019t force you to implement policies and procedures, and you don\u2019t follow any optional standards, you still need some controls in place.\u00a0The policies discussed in this article are the bare minimum you need. They won\u2019t be the only documents you need though, because policies give rise to procedures and other supporting documents.<\/p>\n<p>Policies define the requirements for people\u2019s behaviors and the management of technological controls. They act like a \u201cmission statement\u201d to set the requirements and standards that the organization wants to run to. The detailed step-wise guidance and other supporting information are contained within related procedures, registers, and plans.<\/p>\n<p>Keep your policies tightly-focussed and specific. Don\u2019t try to cram everything into a single document. Keeping them separate helps to cement the idea that the different topics are distinct concepts that people need to be mindful of. It also makes the documents easier to manage through their review and revision cycles.<\/p>\n<p>Give your procedures a coherent look and feel, and include some standard sections in the preamble before you get to the body of the procedure. Include a \u201cPurpose\u201d section that explains the purpose and objectives of the procedure. Also, include a \u201cScope\u201d section that lists who is governed by the procedure. Does the procedure <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ly to all staff, or just the users of a certain software package, or only to remote workers? Does it cover contractors and temporary workers?<\/p>\n<p>If there are terms that need explaining, include a list of definitions. If this section is more than half a page or so, you probably need to purge some of the technospeak. Don\u2019t write for technical users, write for every user.<\/p>\n<h3 id=\"acceptable-use-policy\"><span class=\"ez-toc-section\" id=\"Acceptable_Use_Policy\"><\/span>Acceptable Use Policy<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The Acceptable Use Policy spells out what is and what is not acceptable use of your IT resources, data, and other assets. You need to formally document that you forbid the download, creation, manipulation, transmission, or storage of:<\/p>\n<ul>\n<li>Any unlawful, offensive, obscene or indecent images or data.<\/li>\n<li>Material that is defamatory, threatening, discriminatory, or extremist.<\/li>\n<li>Unsolicited \u201cnuisance\u201d emails.<\/li>\n<li>Material that promotes discrimination on the basis of race, gender, religion, disability, age, or sexual orientation.<\/li>\n<li>Material with the intention of committing a crime such as fraud or other deceptions.<\/li>\n<li>Material that infringes the intellectual property rights of your or another organization.<\/li>\n<li><a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Social media<\/a> or other public messages that bring your organization into disrepute.<\/li>\n<\/ul>\n<p>Be explicit that your IT services must not be deliberately used for activities having, or likely to have, any of the following characteristics:<\/p>\n<ul>\n<li>Intentionally wasting the organization\u2019s\u2014or any other user\u2019s\u2014time, efforts, or other resources<\/li>\n<li>Corrupting, altering, or destroying another user\u2019s data without authorization.<\/li>\n<li>Purposefully disrupting the work of other users or the correct functioning of your network and other IT assets.<\/li>\n<li>Introduce data-interception, password-detecting or similar software or devices to your IT assets.<\/li>\n<li>Seek to gain unauthorized access to restricted areas of the network.<\/li>\n<li>Connect any unauthorized data storage device to the network.<\/li>\n<li>Carry out any activities commonly described or recognized as \u201chacking.\u201d<\/li>\n<li>Intentionally or recklessly introduce any form of spyware, computer virus, or other potentially malicious software.<\/li>\n<\/ul>\n<p>You should also include the range of sanctions or reprisals that could result from non-compliance to the policy.<\/p>\n<h3 id=\"data-classification-policy\"><span class=\"ez-toc-section\" id=\"Data_Classification_Policy\"><\/span>Data Classification Policy<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Different types of data have different values and will produce impacts of different severity if there is a breach of data. Intellectual property,\u00a0 copyright material, company confidential material, and other sensitive data must be protected.<\/p>\n<p>Personally identifiable information (PII) must be protected too, and in many jurisdictions, it must be protected according to data protection legislation. Some types of PII are considered special categories of data\u2014medical information and the PII of minors, for example\u2014and must be processed and safeguarded in a particular way.<\/p>\n<p>The only way to clearly capture the different categories of data that you generate, gather, store, transfer, and process is to create a Data Classification Policy. That requires a data audit across your organization to quantify the data you hold.<\/p>\n<p>The scheme can be relatively simple. One common approach is to use:<\/p>\n<ul>\n<li><strong>Highly Restricted<\/strong>: Highly confidential information. The inappropriate disclosure of this category of data is capable of serious damage or distress to individuals. It may also count as a non-compliance against applicable data protection legislation. Loss of this type of data could seriously damage your interests and reputation or threaten the security of your organization, staff, or your clients.<\/li>\n<li><strong>Restricted<\/strong>: Confidential information. The inappropriate disclosure of this category of data will cause a negative impact on individuals. It may also count as a non-compliance against applicable data protection legislation. It could damage your organization\u2019s interests and will have an overall negative impact.<\/li>\n<li><strong>Internal Use<\/strong>: This is information that is considered inward-facing, not public-facing, but no substantive damage will be suffered if it was disclosed.<\/li>\n<\/ul>\n<p>Although the scheme is simple, performing a thorough data audit and classifying the data can be challenging. You\u2019ll uncover data types that span the definitions and could sit in two categories. The safest way to handle those instances is to classify the data as belonging to the higher of the two categories. Here are examples of data types and the categories they belong in.<\/p>\n<ul>\n<li><strong>Highly Restricted<\/strong>: Intellectual property, trade secrets, and product development information. Sensitive PII or large volumes of \u201cnormal\u201d PII. Information that relates to the safety of individuals, or the security of your organization and its IT resources.<\/li>\n<li><strong>Restricted<\/strong>: PII, marketing strategies, risk analysis documents, financial records, and accounts.<\/li>\n<li><strong>Internal Use<\/strong>: Non-confidential internal correspondence such as meeting minutes.<\/li>\n<\/ul>\n<p>Now that you know what data you hold and are responsible for, you can plan to keep it secure. That requires an Information Security Policy.<\/p>\n<h3 id=\"information-security-policy\"><span class=\"ez-toc-section\" id=\"Information_Security_Policy\"><\/span>Information Security Policy<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Also called an IT Security Policy, this is the policy that will probably change the most frequently. Revisions of the Information Security Policy (ISP) can be driven by changes to:<\/p>\n<ul>\n<li>The company infrastructure.<\/li>\n<li>The IT infrastructure.<\/li>\n<li>Your data processing activities and purposes.<\/li>\n<li>The discovery of new cyberthreats.<\/li>\n<li>Insights gained from previous cyber incidents.<\/li>\n<li>External influences such as COVID-19 and the rapid switch to a mostly remote workforce.<\/li>\n<\/ul>\n<p>Information security is about people\u2019s behavior in relation to the information they are responsible for, facilitated by the appropriate use of <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a>.\u00a0\u00a0Your ISP defines your organization\u2019s overall stance toward ensuring the confidentiality, integrity, and availability of your IT systems and data. It will address topics such as:<\/p>\n<ul>\n<li>The controls\u2014technological and governance\u2014that must be in place, and who is responsible for supporting them, maintaining them, and reviewing their continued effectiveness.<\/li>\n<li>The responsibilities of the users of the network and IT assets.<\/li>\n<li>Compliance with any data protection legislation or other standards.<\/li>\n<li>Patching schedules and strategies for operating systems, applications, and firmware.<\/li>\n<li>Access control should be defined for local and remote connections to your IT assets. All user accounts must be issued with a unique ID and password. Two-factor or multi-factor authentication should be used where possible.<\/li>\n<li>The requirement for a\u00a0<em>Hardware Asset Register<\/em>. All IT equipment and assets identified and recorded in it.<\/li>\n<li>The requirement for an\u00a0<em>Information Asset Register<\/em>. This records by department, team, or other sensible logical subdivision, the type of data that they gather, process, and transmit. This might be a requirement under data protection legislation.<\/li>\n<li>The requirement for a\u00a0<em>Data Classification Policy<\/em>.<\/li>\n<li>The need for a\u00a0<em>Password Policy<\/em>. If company-sanctioned password managers are to be allowed they will be listed in the Password Policy.<\/li>\n<li>The requirement for a\u00a0<em>Cybersecurity Risk Assessment<\/em>\u00a0including when it needs to be reviewed. Reviews can be required according to a schedule or because of an event such as an IT incident or data breach.<\/li>\n<li>Rules regarding the use of USB ports, removable media, and the use of unauthorized applications.<\/li>\n<li>The types of logging and the frequency of log reviews or automated log analysis.<\/li>\n<li>Business continuity requirements. The details will be held in a\u00a0<em>Business Continuity Plan<\/em>\u00a0or\u00a0<em>Disaster Recovery Plan<\/em>.<\/li>\n<\/ul>\n<p>Other requirements may present themselves as you go through the process of creating your ISP.<\/p>\n<h3 id=\"password-policy\"><span class=\"ez-toc-section\" id=\"Password_Policy\"><\/span>Password Policy<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A password policy establishes the rules for the creation, protection, and use of passwords. The latest advice from\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"http:\/\/redirect.viglink.com?u=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fadmin%2Fmisc%2Fpassword-policy-recommendations%3Fview%3Do365-worldwide&amp;key=204a528a336ede4177fff0d84a044482\">Microsoft<\/a>, the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/pages.nist.gov\/800-63-3\/sp800-63b.html#sec5\">National Institute of Standards and Technology<\/a>\u00a0(NIST), and the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ncsc.gov.uk\/blog-post\/problems-forcing-regular-password-expiry\">National Cyber Security Centre<\/a>\u00a0(NCSC) all promote changes from established norms. They advocate the use of *passphrases*\u2014three or more words separated by punctuation\u2014rather than *passwords* using number and symbol substitution. Enforcing regular password changes is no longer recommended.<\/p>\n<ul>\n<li>All system access must be controlled by authentication using unique ID and password pairs as a minimum, and two-factor authentication if possible.<\/li>\n<li>The first time a user logs in they should be prompted to change their password.<\/li>\n<li>Weak passwords should be rejected.<\/li>\n<li>Passwords should never be shared between users.<\/li>\n<li>Passwords should never be used on more than one system.<\/li>\n<li>Passwords must not include information that could be socially engineered or guessed. For example, don\u2019t use partner\u2019s or children\u2019s names, anniversaries or birth dates, sports teams, home towns, musical groups, etc.<\/li>\n<li>Don\u2019t use sequences of keys like \u201cqwerty\u201d, \u201cq1w2e3r4\u201d, or \u201casdfg\u201d.<\/li>\n<li>Passwords must never be written down. The only place they can be stored is a company-approved password manager.<\/li>\n<li>If a user suspects their password has been compromised they must immediately alert the system administrator.<\/li>\n<\/ul>\n<p>Where it is possible, use two or multi-factor authentication. Automatically checking passwords against the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/haveibeenpwned.com\/\">Have I Been Pwned<\/a>\u00a0(HIBP) databases can be used to reject passwords that are already in the HIBP databases. If a password is in the HIBP databases then it is already in the databases used in password brute force and credential stuffing attack software.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>How To Check If Staff Emails Are in Data Breaches<\/em><\/strong><\/p>\n<h3 id=\"incident-response-plan\"><span class=\"ez-toc-section\" id=\"Incident_Response_Plan\"><\/span>Incident Response Plan<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Your Incident Response Plan (IRP) is the playbook you follow when you have a cybersecurity incident. It\u2019s allied to, but slightly different from, your Data Breach Policy (DBP). The DBP is the set of rules and actions to follow if personally identifiable information has been exposed or destroyed.<\/p>\n<p>You don\u2019t write the lifeboat plan when the ship is going down. You do it in advance and rehearse it. The same is true of your ISP. Include all stakeholders in its development and walk-throughs. These can include IT services, data protection roles, human resources, legal counsel, public relations, and management.<\/p>\n<p>The IRP ensures an incident is handled in a prescribed and effective method, designed to minimize downtime, damage, and data loss. The stakeholders need to rehearse the plan so that it is familiar, trusted, and doesn\u2019t get ignored in the midst of an incident.<\/p>\n<p>By listing actions and assigning responsibilities to teams or departments, everyone knows their role and what needs to be done, and in what sequence.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>How To Prepare For and Fight a Ransomware Attack<\/em><\/strong><\/p>\n<h2 id=\"wrap-up\"><span class=\"ez-toc-section\" id=\"Rolling_The_Policies_Out\"><\/span>Rolling The Policies Out<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The smooth adoption of procedures depends on a number of factors.<\/p>\n<ul>\n<li>They must be written so that they can be understood by anyone. Plain English is the name of the <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a>.<\/li>\n<li>Write them so they are effective, not impressive. No one is going to read something that looks like War and Peace, and even if they do wade through it they\u2019ll never be able to follow it.<\/li>\n<li>Introduce policies and explain why they are important, both to the organization and the individual.<\/li>\n<\/ul>\n<p>Review your governance frequently, and accept suggestions from your workforce. They\u2019re the people on the front line following these documents. It only makes sense to hear what they have to say.\n<\/p><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/10283\/it-governance-your-must-have-policies\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Your Must-Have Policies \u2013 CloudSavvy IT&#8221; Shutterstock\/EtiAmmos Policies and procedures aren\u2019t captivating, but they are critical to maintaining your security through the correct use of your systems. Here are the must-have policies that you require in 2021. The Exciting World of IT Governance IT governance is about putting in place a suite of policies and&#8230;<\/p>\n","protected":false},"author":1,"featured_media":211589,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/03\/9b33b420.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-211588","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/211588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=211588"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/211588\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/211589"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=211588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=211588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=211588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}