No matter how much freedom you choose to give your staff, it is important to retain some control over how technology is used in your business. When you have control, you can be confident that staff are not wasting time, are complying with data protection laws and that you have a proper structure within which your business operates.
Once a company uses computers, email, Internet, and software on a daily basis, they should have Information Technology (IT) policies in place. It is critical for a company to protect itself by having policies to govern areas such as personal internet and email usage, security, software and hardware inventory, and data retention. It is also important for the business owner to know the potential lost time and productivity at their business because of personal internet usage.
Your IT policy helps to establish this structure. They describe how technology should be used in your business so your employees know what is and what is not allowed. In short, they protect your company and staff.
Your IT policy does not need to run to hundreds of pages or contain complicated legalese. Ideally, they should cover the essentials and be easily understood by employees. IT policies should be documents your employees can read, understand and put into practice. Without written policies, there are no standards to reference when status quo situations arise.
Since these policies are completely necessary for a business or company to have, what exactly are the IT policies that every company should have? There are six areas that need to be addressed:
- Acceptable use of Technology:
Guidelines for the use of computers, fax machines, telephones, internet, email, and voicemail and the consequences for misuse.
Guidelines for passwords, levels of access to the network, virus protection, confidentiality, and usage of data.
- Disaster Recovery:
Guidelines for data recovery in the event of a disaster, and data backup methods.
- Technology Standards:
Guidelines to determine the type of software, hardware, and systems that will be purchased and used at the company, including those that are prohibited (for example, instant messenger or mp3 music download software).
- Network Set up and Documentation:
Guidelines regarding how the network is configured, how to add new employees to the network, permission levels for employees, and licensing of software.
- IT Services:
Guidelines to determine how technology needs and problems will be addressed; who in the organisation is responsible for employee technical support, maintenance, installation, and long-term technology planning.
You may be overwhelmed by the thought of creating IT policies, particularly if you do not have a firm grasp of technology. The good news is that you do not have to draft these policies from scratch; there are several resources to help you in this venture. All you need is to research online and speak to the head of IT in your company to help in putting the policy into action. Most importantly, you need to have policies with some teeth. They need to work for your company and your employees, and they need to be enforced. If you are not sure how to do this, your company may want to employ the services of a technology consultant who can make recommendations for policies according to how technology is used on a daily basis for your business.
Every situation and company is different; there is no one size fits all for IT policies. Every business should, at the very least, have the basics covered, but how they cover the basics depends upon the company’s culture and business needs.
Having policies and procedures simply for the sake of saying you have them is useless. It may make you feel better initially, but just wait until an issue arises for which no policy exists.
Whatever you do, do not delay. It could cost you. If you are hit with a major disaster and have no recovery or backup policy in place, you could lose valuable time, money and even your business.