Having a policy for IT usage is one thing. Encouraging awareness and adherence of staff is another.
Mounil Patel, strategic technology consultant for Mimecast in Boston: Policy frameworks on the appropriate use of email in a healthcare organization are important. But, they are essentially useless if end users are not properly trained on how to comply with policy requirements. Depending on the policy, training could be as simple as a written document, or something more in-depth like a session delivered by an instructor. Either way, an employee should have to sign something to recognize he or she has received the training and understands the requirements. Using content security solutions that identify sensitive information and alert users to their compliance requirements is another way to automatically reinforce security policy training.