SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community

CHANNEL BY TOPICS


QUICK LINKS




The IT Lifecycle: IT Policies

Industry News from Cloud IT

The IT Lifecycle: IT Policies

Share
Tweet
March 23, 2016

As business leaders grow their companies, corporate assets should always be top of mind. As such, business leaders should be implementing IT policies early on, in order to set standards and expectations for employees when it comes to the use of corporate technology and managing corporate data.


In parts one and two of this three-part series, I rolled out a playbook on when companies should hire their first “IT” consultant and what to keep in mind when appointing a CIO. In this third and final part of the IT Lifecycle series, I’ll discuss when companies should start rolling out formal IT policies and how to do so.

In the case of Joe Smith, the CEO of Joe’s Widget Shop, his software startup business is expanding, requiring him to make significant IT investments for his employees. He has now set up an office network and has purchased laptops for each one of his employees. Joe is now evaluating when and how to build out more formal IT policies to set rules and standards for his employees.

When to Roll Out Formal IT Policies

The emergence of new laws, technologies, regulations, and operational or compliance needs are all policy development triggers, but it’s important to consider that part of the “when” question can be industry specific, and not solely dependent on headcount. For example, a large construction company that has few employees in the office and most of its employees out in the field probably doesn’t need the same types of IT policies as Joe’s Widget Shop, which is a small tech company with employees on computers all day long.

When implementing formal IT policies, it’s important for Joe to specify the structure and criteria for how each IT policy, guideline or standard should be categorized. Joe should also outline a process for initiating, reviewing, approving and revising IT policies. This includes having a plan in place to manage ongoing roles and responsibilities associated with IT policy development and maintenance.

One common mistake to avoid is repurposing previous examples of IT and security policies found online or “borrowed” from a previous job. Instead, it is important for Joe to take the time to create a custom policy, which aligns with the needs of his particular business.

How to Lay Down the Law

Without written policies, there are no standards to reference. It’s important for Joe to note that policies should clearly define “acceptable use” for both company-owned and employee-owned technology.

But just defining policies isn’t enough. It’s essential that Joe educates employees on the proper process and protocol for using corporate equipment and technology, and should also tie it into the overall security strategy of the organization. When establishing IT policies, Joe should outline password requirements, levels of access, confidentiality, restricted third-party or shadow IT applications, and best practices for malware protection.

Instead of just listing out rules, Joe should also provide comprehensive guidelines for things like network configuration, onboarding new employees and setting permission levels for employees. There should also be guidelines outlining how to handle certain IT issues, specifying points of contact for employee technical support, maintenance, installation and long-term technology planning.

Bottom Line

Finally, in order to ensure compliance among all employees, it’s important for Joe to communicate the reasoning behind these rules and structure. Employees will be more diligent about doing their part to be compliant, once they have better insight into the rationale and benefits behind such policies. Joe should stress that these rules are in place to protect the business and company assets.

Policies and procedures are often given little attention until something goes wrong, but there’s no reason to wait. Avoid potentially costly problems by establishing clearly defined policies in advance of any mishaps so that you can help ensure that your organization and its assets are secure and compliant.



Article comments powered by Disqus
Cloud IT Homepage »





Technology Marketing Corporation

2 Trap Falls Road Suite 106, Shelton, CT 06484 USA
Ph: +1-203-852-6800, 800-243-6002

General comments: [email protected].
Comments about this site: [email protected].

STAY CURRENT YOUR WAY

© 2024 Technology Marketing Corporation. All rights reserved | Privacy Policy