As businesses continue to work from home in an effort to flatten the curve during the COVID-19 pandemic, it is critical to have effective policies in place. More importantly, your employees should be trained in said policies and be following them accordingly, both in and out of the office. Policies are only as good as your employees’ behavior - strong security hygiene at the user-level helps responsibly manage security risk.

Here are the top 5 policies critical for maintaining security standards during the COVID-19 pandemic:

Acceptable Use Policy

An acceptable use policy provides a clear outline of how business-owned technologies and resources may and may not be used. This is one of the easiest ways to prevent an IT security breach. The policy can include everything from computers, telephones, internet, and email. Guidelines should also be established and consequences of misuse clearly stated. 

Information Security Policy

An organization’s information security policy typically contains high-level policies covering many security controls. This policy is used to ensure employees who use IT assets within the breadth of the organization, or its networks, comply with its stated rules and guidelines for passwords, network access, software updates, and more.

Change Management Policy

A change management policy refers to a formal process for making changes to IT infrastructure, software development, and security services and operations. The goal of a change management policy is to increase the awareness and understanding of proposed changes across an organization, and to ensure that all changes are documented, approved, and tested prior to being implemented.

In a recent blog, we talk about the importance of change management in light of COVID-19 and the implementation of a global remote workforce.

Incident Response Plan

This policy is used to describe the process of handling an incident with respect to limiting the damage to business operations, customers, and reducing recovery time and costs. It can include everything from a computer that has been infected by ransomware to a stolen device that has access to business data.

Disaster Recovery/Business Continuity Plan

A Disaster Recovery/Business Continuity Plan helps manage real-time risks, including responding to denial-of-service attacks, natural disasters, hardware failure, pandemics, or any other potential disruption of service. Business continuity seeks to keep the business running no matter what by coordinating efforts across the organization. The Disaster Recovery Plan is used to restore hardware, applications, and data deemed essential for business continuity.


Policies are the foundation of your business’s security and compliance program, especially during unprecedented and uncertain times.  If you’re organization seeks to review and, potentially, revise its current policies to accommodate a recently deployed remote workforce, drop us a line.