Cybersecurity Policy Update Checklist

This checklist helps New Zealand SMEs systematically review and update cybersecurity policies in 2024.

✅ Core Security Policy Components

• ✔️ Acceptable Use Policy (AUP) reviewed and acknowledged by all staff
• ✔️ Updated Password Policy to reflect MFA usage and minimum complexity
• ✔️ Clear definitions of remote work and BYOD conditions
• ✔️ Documented access control policies for cloud and on-prem systems
• ✔️ Vendor and third-party data access reviewed

🔐 Incident Response Planning

• ✔️ Defined roles and escalation contacts in case of breach
• ✔️ Updated breach reporting timeline to comply with NZ Privacy Act
• ✔️ Crisis communication plan for clients, suppliers, and media
• ✔️ Regular tabletop exercises scheduled

📊 Compliance and Record Keeping

• ✔️ Document retention schedule reviewed
• ✔️ Logs of system access and admin changes archived
• ✔️ Audit trails aligned with any contractual or regulatory needs

📢 Awareness & Training

• ✔️ Security awareness training updated with latest threats (phishing, AI scams)
• ✔️ Staff acknowledgment of policies captured electronically
• ✔️ Internal testing (e.g. phishing simulations) conducted quarterly