IT policies are a critical, yet often neglected area in most growing businesses. Clear policies around data management and ownership (personal versus corporate), email and internet usage, and hardware and software inventory are necessary for the protection of both the company and the employee. Guidelines and written policies in these areas need to be defined, communicated and implemented whether your company has 5, 50, or 5000 employees.
Key areas for policies and procedures are:
- Acceptable Use of Technology: Guidelines for the use of computers, fax machines, telephones, internet, email, and voicemail and the consequences for misuse.
- Security: Guidelines for passwords, levels of access to the network, virus protection, confidentiality, and the usage of data.
- Disaster Recovery: Guidelines for data recovery in the event of a disaster, and data backup methods.
- Technology Standards Guidelines to determine the type of software, hardware, and systems will be purchased and used at the company, including those that are prohibited (for example, instant messenger or mp3 music download software.
- Network Set up and Documentation: Guidelines regarding how the network is configured, how to add new employees to the network, permission levels for employees, and licensing of software.
- IT Services: Guidelines to determine how technology needs and problems will be addressed, who in the organization is responsible for employee technical support, maintenance, installation, and long-term technology planning.
Consider the following scenarios:
- Joe was a great addition to the organization, creating wonderful presentations, marketing materials and the standards for all communications sent to your clients. A great deal of time and effort went into the revamping of your company’s look and feel. Joe stored all his files on Google Drive and that’s how the rest of the organization accessed this information. Joe has had a falling out with the CEO and abruptly quit. All his files are in Google Drive, tied to his personal google email: how can you get access to all corporate material that rightfully belongs to the organization? What recourse do you have if any?
- Jack has a daughter who is selling gift wrap for her elementary school. He sends a companywide email letting everyone know of the fund raiser and asking them to email their orders into him within the next two weeks. Is this an appropriate use of the company email system?
- Michael is waiting for one of his systems to finish some software updates critical to his role as a finance manager. While he is waiting for the updates to finish, he surfs the web for tips and tricks on the new software and ends up on You Tube. He clicks on a link that takes him to a video containing inappropriate material. Sandy walks in the office and sees what Michael is watching. What are the implications for Michael? What if Sandy files a sexual harassment suit? He was looking for a training video originally but was diverted, was this appropriate use of the internet at work?
Clear policies around data management and ownership (personal versus corporate), email and internet usage, and hardware and software inventory are necessary for the protection of both the company and the employee.
Without written policies, there is no reference point to guide management in preventing and/or dealing with complicated situations that are bound to arise in today’s interconnected world.
Hybridge specializes in helping companies manage all aspects of their IT infrastructure. If your IT policies needs some dusting off, updating, or if you simply don’t have IT policies in place, give us a call or email us at support at hybridge.com.