Information Technology Governance, Risk, and Compliance

IT Policy and Compliance

Build practical IT governance, policy, and compliance skills that reduce risk and support secure, accountable operations.

Log In to Enroll About this course Get unlimited access
IT Policy and Compliance logo
Quick Course Facts
15
Self-paced, Online, Lessons
15
Videos and/or Narrated Presentations
5.0
Approximate Hours of Course Media
About the IT Policy and Compliance Course

IT Policy and Compliance is a practical Information Technology course that shows you how to create clear, enforceable policies that support secure business operations. You will learn how policy, governance, and compliance work together so you can reduce risk, strengthen accountability, and improve how technology is managed across an organization.

Build Effective IT Policy And Compliance Practices

  • Build practical IT governance, policy, and compliance skills that reduce risk and support secure, accountable operations.
  • Learn how policy documents, standards, procedures, and guidelines fit together in a real-world Information Technology environment.
  • Understand the regulatory, legal, privacy, and security drivers that shape strong IT Policy and Compliance programs.
  • Develop the confidence to manage access control, data handling, incident response, vendor oversight, and audit readiness.

A hands-on course in IT Policy and Compliance for building structured, defensible, and operationally effective technology policies.

This course begins with the foundations of governance and then walks you through the full policy lifecycle, from framework design to ongoing review. You will explore how requirements from laws, regulations, internal controls, and business needs shape policy decisions in Information Technology, and how to translate those requirements into documents people can actually follow.

As you move through the lessons, you will examine acceptable use, access control, data classification, privacy, incident response, third-party risk, change management, and audit evidence. Each topic is presented in a way that connects policy language to day-to-day operations, helping you understand not just what to write, but why it matters and how it is enforced.

You will also learn how to manage exceptions, communicate expectations, train users, and measure whether policies are working as intended. By the end of the course, you will be able to build practical IT governance, policy, and compliance skills that reduce risk and support secure, accountable operations, and you will be better prepared to contribute to a mature, trusted Information Technology function.

Course Lessons

Full lesson breakdown

Lessons are organized by topic area and each includes descriptive copy for search visibility and student clarity.

Foundations of governance

1 lesson

Lesson 1: IT Policy and Compliance Fundamentals

18 min Preview
This lesson introduces the foundations of IT governance, policy, and compliance . Learners will understand why organizations need formal policies, how governance connects IT decisions to business goal…

Document hierarchy and purpose

1 lesson

Lesson 2: Policy, Standards, Procedures, and Guidelines

18 min
This lesson explains the document hierarchy used in IT governance and compliance: how policies , standards , procedures , and guidelines differ, how they relate to one another, and why each document t…

Requirements that shape IT policy

1 lesson

Lesson 3: Regulatory and Legal Drivers

20 min
This lesson explains the regulatory and legal drivers that shape IT policy. Learners will see how laws, regulations, contracts, and industry standards create obligations for access control, privacy, r…

Creating structure and ownership

1 lesson

Lesson 4: Building a Policy Framework

20 min
This lesson explains how to build a practical IT policy framework that is organized, usable, and easy to govern. You will learn how to group policies into a clear structure, define ownership, and crea…

Behavior, device, and system use

1 lesson

Lesson 5: Acceptable Use and Workforce Expectations

18 min
This lesson explains how acceptable use policies shape day-to-day employee behavior with company devices, networks, and systems. Learners will see how clear expectations reduce security risk, protect …

Least privilege and authorization

1 lesson

Lesson 6: Access Control and Identity Governance

22 min
This lesson explains how least privilege and authorization work together to control what users, systems, and services can access. Learners will see how to define access based on business need, reduce …

Protecting information by sensitivity

1 lesson

Lesson 7: Data Classification and Handling Rules

22 min
This lesson explains how to classify information by sensitivity and apply handling rules that match each class. Learners will see how clear labels, access limits, storage controls, sharing rules, and …

Managing personal and sensitive data

1 lesson

Lesson 8: Privacy Policy and Data Protection

22 min
This lesson explains how privacy policy turns legal and ethical obligations into practical rules for handling personal and sensitive data. Learners will see how to define data categories, limit collec…

Reporting, escalation, and response

1 lesson

Lesson 9: Security Incident Response Policy

20 min
This lesson explains how a security incident response policy turns uncertainty into action. Learners will see how to define what counts as an incident, who must report it, how escalation works, and ho…

Managing external risk

1 lesson

Lesson 10: Third-Party and Vendor Compliance

20 min
This lesson explains how to manage third-party and vendor compliance so outside providers do not become a weak point in your IT governance program. You will learn how to classify vendors by risk, what…

Controlling technology change

1 lesson

Lesson 11: Change Management and System Controls

18 min
This lesson explains how change management and system controls work together to keep technology environments stable, auditable, and secure. Learners will see how to classify changes, route them throug…

Proving compliance in practice

1 lesson

Lesson 12: Evidence, Records, and Audit Readiness

22 min
Audit readiness is not about creating paperwork for an inspection; it is about maintaining reliable evidence that controls are operating as intended. In this lesson, learners examine what counts as au…

Handling deviations responsibly

1 lesson

Lesson 13: Policy Exceptions and Risk Acceptance

18 min
This lesson explains how to handle policy exceptions and risk acceptance in a way that is controlled, documented, and defensible. Learners will see when an exception is appropriate, who should approve…

Making policies work operationally

1 lesson

Lesson 14: Training, Communication, and Enforcement

20 min
This lesson explains how to make IT policies work in day-to-day operations through training, communication, and consistent enforcement. A policy only reduces risk when employees understand it, know wh…

Maintaining relevance over time

1 lesson

Lesson 15: Policy Review, Metrics, and Continuous Improvement

20 min
This lesson explains how to keep IT policies useful after they are published. Learners examine policy review cycles, ownership, and approval triggers so policies stay aligned with business needs, lega…
About Your Instructor
Professor Amanda Davis

Professor Amanda Davis

Professor Amanda Davis guides this AI-built Virversity course with a clear, practical teaching style.