(Past Event)

tISS: Security Policy Development



Getting security policies right can be a difficult and lengthy process, with major costs attached if they prove to be ineffective or inadequate - look no further than Data Protection breach fines for evidence that security policy failure can prove expensive.

What are the most effective approaches for policy development - where should you start? What do you want the policies to do, and for whom? Is 'do the minimum allowable' the right approach? Should there be one overarching policy, or will an approach of function-responsible policies be more successful?

Finally, policy templates may be readily available via a quick web search, but they can lead to policy failure - if the policy does not have a good 'cultural fit' with the organisation implementation and adoption can flounder. But is there a way that policies can be effectively shared, to avoid the need to re-invent the wheel?


Understand how peer organisations are approaching Security Policy Development, and managing changing demands; to learn how Security Policy Development is being delivered in large corporates today.

Who should attend

Corporate IT security professionals with responsibility for Security Policy Development.


The final agenda will be developed through consultation amongst delegates, provisional discussion areas are:

  • Defining what a policy should look like
    • What is the difference between a 'policy' and a 'procedure' or 'work in progress' or 'guideline'?
  • How to effectively create policies
    • Policies and multiple compliances
    • Use of Frameworks
    • How detailed should you be?
    • Auditor validation of policies
  • Defining the style or approach that best suits your organisation, will carry weight and will lead to the right type of activity and behaviour
    • Cultural fit
    • Use of language and effective communication style
  • Measurability, and ensuring ROI is delivered
Unparalleled Learning

Members Include

united biscuits
travis perkins
start stop bwd fwd

"Just wanted to say thanks; another great day where I have come out with more knowledge than I entered with"

"Many thanks; [the event was] very good and beneficial"

"I have never not found a day interesting"

"The Corporate IT Forum is a fantastic level check, free of vendor sell and consultancy hype. I like the open sharing of experience…"

"We get valuable knowledge and experience from members of The Corporate IT Forum. This helps us to make better and informed decisions to reach our business goals…"

"The knowledge from other people on what they are doing/have done is invaluable to my team"

"The workshop validated the marketplace for supplier apps; participants were of a uniformly high standard; personally, I value highly the ethos of the Forum in the fact that it is supplier independent"

Tel: +44 (0) 1442 866634


Workshops are the backbone of The Forum. Nothing can compare to a group of IT professionals debating and exchanging experience of a specific, defined topic in a confidential environment. Workshops deliver insightful, real life information that helps members achieve their objectives, deliver projects and build relationships with other organisations.