From the course: CRISC Cert Prep: 2 IT Risk Assessment

Analyze policies, standards, and procedures

- [Instructor] I've been saying this for years, and I'm going to keep saying it. If you want folks to know what's expected of them, you have to write it down. Not only does writing things down improve consistency, stability, and efficiency, but it also provides you, the CRISC, with the opportunity to perform a more informed analysis of the risk your organization is facing. The three types of documents you'll want to seek out when doing this are policies, standards, and procedures. We sometimes fall into the trap of using those terms interchangeably, but each document has a very distinct purpose. Take policies, for example, and by policy, I'm referring to a written organizational policy and not a detailed technical configuration, like a firewall policy. Policies are high-level documents by design. When your senior management team sits down together and says, this is what we should be doing as an organization, that direction is…
