Eight FAQs on IT policies.
- Why does my business need an IT policy?
- How can IT policies benefit my staff?
- Which areas should my IT policy cover?
- How many IT policies do I need?
- How do I write an IT policy?
- Where can I get help to write my IT policy?
- How do I implement an IT policy?
- How can I make sure my IT policy remains relevant?
1. Why does my business need an IT policy?
Like any other effective employment policy, an IT policy removes ambiguity over what is expected of your employees during working hours.
Setting boundaries can help maximise productivity by making sure staff are doing what they should be doing, when they should be doing it. Sound IT policies can also protect your customers and ensure your business doesn't end up in court and out of pocket as a result of illegal acts by your employees.
Policies can also help safeguard your business in other ways - for example, by protecting your data and intellectual property.
2. How can IT policies benefit my staff?
Having clear rules about use of IT in your business means employees will know what they can and can't do. This should minimise the risk of problems which could lead to disciplinary action or dismissal.
3. Which areas should my IT policy cover?
It depends on the nature of your business and the scale and complexity of your IT. You might store information about your customers, in which case your IT policy will need to ensure employees observe data protection rules.
4. How many IT policies do I need?
Again, it depends on the nature of your business. Smaller businesses with basic IT usage could go for one catch-all IT policy that conveniently and succinctly covers off all major requirements.
However, should your needs be more complex, several detailed policies might be required. Whatever you choose, the language should be concise, direct and easy for employees to understand - that's the whole point.
5. So how do I write an IT policy?
Begin by carrying out a risk assessment. Looking at what could go wrong enables you to think about preventative steps. If feasible or necessary, speak to your employees when carrying out research; then you might have a better chance of gaining their support for the resulting IT policy.
Be sure to explain why having an IT policy is a good thing both for your business and for them. Your research might even uncover better ways to do things.
Create a first draft of your IT policy and then try to read it through from your employees' perspective. Seek a second opinion from someone you trust who is qualified to give one (like another senior manager with people-management experience).
Crucially, your IT policy should be comprehensive enough, leaving no room for doubt. It should clearly explain what is not permitted and why, and set out the likely consequences if your policy isn't observed.
6. Where can I get help to write my IT policy?
You might not have the time, inclination or knowledge to research and write your own employment policies. Don't worry - an HR consultant might be able to provide a cost-efficient solution that is fully tailored to your circumstances.
Alternatively for a small fee, you can find downloadable IT and other employment policies from companies like Simply-docs.
Acas provides advice on how to write a social networking policy. Free, example employment policies are available to download, but the quality and reliability of such documents can vary, so be warned.
7. How do I implement an IT policy?
You'll stand a much better chance if your employees understand why you are implementing an IT policy (to protect both parties).
It's not enough simply to distribute hard-copy documents or email them to employees; you've no guarantees they will be read and this could be used as a defence. It's better to call a short staff meeting to explain why the IT policy is being introduced and talk through its key requirements.
Where possible, use everyday examples to illustrate points and invite questions if anyone is unsure. Leave a copy of the IT policy permanently in a place that is accessible to all. As soon as they join, issue all new staff with hard and electronic copies of your policies for future reference.
8. How can I make sure my IT policy remains relevant?
Annual reviews can be effective, because things change. Policies can be quickly updated, but make sure your staff are made aware of all changes and explain why they are necessary.
Also invite your staff to feedback with any problems they encounter while working with your IT policy. It may not be as ‘black and white' as you'd hoped, so you might need to make changes to update your IT policy or make it more workable in practice.