IT policy FAQs

One cartoon red lock amongst lots of blue cartoon locks

Eight FAQs on IT policies.

  1. Why does my business need an IT policy?
  2. How can IT policies benefit my staff?
  3. Which areas should my IT policy cover?
  4. How many IT policies do I need?
  5. How do I write an IT policy?
  6. Where can I get help to write my IT policy?
  7. How do I implement an IT policy?
  8. How can I make sure my IT policy remains relevant?

1. Why does my business need an IT policy?

Like any other effective employment policy, an IT policy removes ambiguity over what is expected of your employees during working hours.

Setting boundaries can help maximise productivity by making sure staff are doing what they should be doing, when they should be doing it. Sound IT policies can also protect your customers and ensure your business doesn't end up in court and out of pocket as a result of illegal acts by your employees.

Policies can also help safeguard your business in other ways - for example, by protecting your data and intellectual property.

Back to top

2. How can IT policies benefit my staff?

Having clear rules about use of IT in your business means employees will know what they can and can't do. This should minimise the risk of problems which could lead to disciplinary action or dismissal.

On an everyday level, the huge popularity of social networking websites means many employers have had to write or update their IT policies to provide guidance.

Back to top

3. Which areas should my IT policy cover?

It depends on the nature of your business and the scale and complexity of your IT. You might store information about your customers, in which case your IT policy will need to ensure employees observe data protection rules.

As another example, you might have to manage employees who work from home or who use one of your laptops when visiting clients. IT policies usually offer clear guidance on these areas:

Back to top

4. How many IT policies do I need?

Again, it depends on the nature of your business. Smaller businesses with basic IT usage could go for one catch-all IT policy that conveniently and succinctly covers off all major requirements.

However, should your needs be more complex, several detailed policies might be required. Whatever you choose, the language should be concise, direct and easy for employees to understand - that's the whole point.

Back to top

5. So how do I write an IT policy?

Begin by carrying out a risk assessment. Looking at what could go wrong enables you to think about preventative steps. If feasible or necessary, speak to your employees when carrying out research; then you might have a better chance of gaining their support for the resulting IT policy.

Be sure to explain why having an IT policy is a good thing both for your business and for them. Your research might even uncover better ways to do things.

Create a first draft of your IT policy and then try to read it through from your employees' perspective. Seek a second opinion from someone you trust who is qualified to give one (like another senior manager with people-management experience).

Crucially, your IT policy should be comprehensive enough, leaving no room for doubt. It should clearly explain what is not permitted and why, and set out the likely consequences if your policy isn't observed.

Back to top

6. Where can I get help to write my IT policy?

You might not have the time, inclination or knowledge to research and write your own employment policies. Don't worry - an HR consultant might be able to provide a cost-efficient solution that is fully tailored to your circumstances.

You can check out free IT policy templates available online.

Alternatively for a small fee, you can find downloadable IT and other employment policies from companies like Simply Docs.

Acas provides advice on how to write a social networking policy. Free, example employment policies are available to download, but the quality and reliability of such documents can vary, so be warned.

Back to top

7. How do I implement an IT policy?

You'll stand a much better chance if your employees understand why you are implementing an IT policy (to protect both parties).

It's not enough simply to distribute hard-copy documents or email them to employees; you've no guarantees they will be read and this could be used as a defence. It's better to call a short staff meeting to explain why the IT policy is being introduced and talk through its key requirements.

Where possible, use everyday examples to illustrate points and invite questions if anyone is unsure. Leave a copy of the IT policy permanently in a place that is accessible to all. As soon as they join, issue all new staff with hard and electronic copies of your policies for future reference.

Back to top

8. How can I make sure my IT policy remains relevant?

Annual reviews can be effective, because things change. Policies can be quickly updated, but make sure your staff are made aware of all changes and explain why they are necessary.

Also invite your staff to feedback with any problems they encounter while working with your IT policy. It may not be as ‘black and white' as you'd hoped, so you might need to make changes to update your IT policy or make it more workable in practice.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.