IT Policy Development

Why do you need an IT policy?


Your IT policies

Having a clear set of IT policies will help your business make effective use of IT. Additionally, it can protect your company from legal problems, security risks and unnecessary costs.

Why do you need an IT policy?

The main reasons for establishing a set of IT policies are:

  • To ensure you use IT effectively. IT policies create a framework within which IT can be used. For example, they explain the best way to get support or training.
  • To protect your business. For instance, a data protection policy helps ensure you use customer data within the bounds of data protection law.
  • To protect your staff. Having policies that cover email and internet use will ensure your staff understand what is permitted and how much privacy they can expect when using the internet at work.
  • To help buy, support and use IT. Many companies have an IT policy covering purchasing and support. This helps you spend your budget effectively and handle problems consistently.

IT and computer policy areas

The exact areas your IT policies should cover will depend on the nature of your business and how you use IT. For instance, if you allow home working, you will need a policy to explain when it is permitted and how it works in practice.

Most businesses have IT policies covering a few common areas:

  • Email use: how employees are permitted to use email at work.
  • Internet use: how your staff can and cannot use the internet at work.
  • Social media use: what boundaries are there for social media use in your company?
  • Data protection: what does your company do to protect sensitive data?
  • Website privacy: this sits on your website so visitors know how you use their data.
  • IT security: procedures and precautions to keep data and systems safe.
  • Training and support: how your business provides training and support to staff.

How to write an IT policy

It’s a good idea to create several policies rather than cramming everything into one big IT policy. Each should be a usable document which staff can read, understand and put into practice.

If you’re creating or updating an IT policy, try to involve everyone who might be affected by it. This enables you to build support for the policy amongst your staff, ensuring the new policy is usable and effective once you put it in place.

You could start by holding a meeting about the policy, or inviting comments on a first draft.

Make sure each IT policy reflects how your business actually operates. Preparing formal policies can be a good opportunity to review whether you should change how you do things.

There’s no point, for instance, in creating a super-cautious security policy if your staff are likely to circumvent or ignore it in order to do their jobs. In this case, your goal should be to build a secure environment without being overly restrictive.

You may wish to seek advice from legal and HR professionals when preparing your IT policy, particularly when dealing with areas covered by legislation, like data protection or employment law.

Implementing an IT policy

If you’re introducing a new computer policy, it’s not enough to send it to your staff and assume they will take notice. Policies can be ignored for lots of reasons – many of them innocent or well-meaning – as well as being misinterpreted or simply forgotten.

To communicate a new policy, run training sessions to explain its implications. Your employees need to understand why each IT policy exists, as well as what it says.

Use practical examples and consider checking employees’ understanding of your policies. Train up new starters and get staff to sign to confirm they have read and understand all your policies.

Review each IT policy regularly to ensure it still fits with your business. Encourage staff to report issues. Are policies creating barriers to getting work done? Are they being followed correctly?