Does your business use a computer or the Internet? If you’re reading this, the answer is probably yes! Pretty much every business out there now uses technology in some form or another, and yet there are thousands of businesses out there who still do not have any IT policies in place to protect their data. These policies not only help your employees to understand what’s expected and required of them when using technology provided by their employer, but they also protect you by having governance policies in place. For most businesses a complicated set of rules is not needed, and can instead be boiled down to these 5 basic policies.
Your acceptable use of technology policy should do what it says on the tin – outline to your staff the rules for use of computers, telephones, internet, email, voicemail and even fax machines (if you still have one!) are, and the consequences of misusing them. For example, some companies have a zero tolerance policy on social media at work, with anyone found using it to face a punishment. This should also cover what kinds of site employees are and are not allowed to access, what the protocol and etiquette is for using work telephones and email for personal reasons and a reference point for clarification in case anyone is confused.
A clear security policy is an absolute must for any business using computers or the Internet. Your security policy should set out clear guidelines for all employees on the creation of secure passwords and how often to update them. It should also cover the different levels of access to your computer network and reasoning, plus outline the virus protection requirements from each employee for their individual devices. If you have a centralised policy for deploying anti-virus solutions, this needs to be explained and all employees should be compliant with installing upgrades. Here you also need to talk about data confidentiality in both a verbal and a digital sense and explain the reasonable use of data, along with examples of what it not reasonable use.
While it may only be your IT team who need to know, you still need to have a strong, fool proof backup and disaster recovery policy in place. Once you have found and installed a solution you are happy with, your policy should outline how often backups should be done, where they are saved to, when the backups should be tested, how often and the procedure for recovering data should you need to.
For internal IT use, you will need a policy in place to describe the network set up and documentation for your business. This should include guidelines regarding how the network is configured, how to add and remove employees from the network, how to decide and set permission levels and the plans for management of licensing and software.
This policy should cover what some might call the ‘miscellaneous’ areas. For example, if a new employee is starting and needs a computer, telephone and tablet all set up and ready to run on the first day, your IT services policy should outline who is responsible for purchasing, configuring and maintaining the new equipment. The policy should also define how technology needs and problems are addressed, and who in the organisation is responsible for IT and technical support, including updates, management, maintenance and long term planning.
The thought of setting up so many IT policies might seem a little daunting, especially if you don’t have a great grasp on IT to begin with. But it’s not as complicated as it seems. Many templates of these policies can be found online and customised, or you can hire in an IT professional such as us for a short time to design, tailor and write them up for you. For more information or support around IT policies, get in touch with us for your free consultation.