Policies and Procedures binders in the office. Stationery on a wooden shelf

Every business, small to large, needs to have policies in place to make it crystal clear to all employees what is expected of them in various situations as well as specific tasks that need to be done and who is responsible for those tasks. However, many companies still do not have these vital resources in place. Why? Sometimes it is a simple oversight. Other times the thought of putting together company policies can be overwhelming or just too time consuming to do.

Regardless of the reasons, having formal policies in place ensure that your business keeps running smoothly and, in many cases, is protected legally should something not go according to plan. Below we will explore the basic policies that all businesses should have.

Acceptable Use Policy

An Acceptable Use Policy is a document that outlines the practices and constraints that a user must agree to in order to have access to a company’s network or the internet. This type of document helps protect you and your company not only from employees wasting corporate time on things they shouldn’t be doing but also from issues that might arise from a user doing something illegal while using the company’s internet or network.

Basically this document states how users can use the internet and network and it also generally states what the repercussions will be should the practices and constraints not be followed. These repercussions generally state that disciplinary action will be taken up to and including termination. Usually employees are asked to read, agree, and sign the agreement upon being hired.

Security Policy

A Security Policy generally documents the company’s guidelines for passwords, levels of access to the network, virus protection, confidentiality, and the usage of data.

Guidelines for passwords will generally include how long passwords should be, the type of characters that should be used, how long passwords are good for, if a password can be used again and if so – when, as well as common sense advice to not share passwords or leave them lying around for anyone to see.

Levels of access to the network is basically who is allowed to access the different parts of the network, when, for how long, and who to contact to request access to the different parts of the network. Generally, employees should only be allowed access to the least amount of resources needed to do their job. This is called the principle of least privilege.

Virus protection outlines what should be done to make sure the system is protected against viruses and hackers and who is responsible for making sure that is always happening. It may also detail who you should contact if you find that there is a virus or suspicious activities happening on the network.

Confidentiality outlines what is required to protect the company’s sensitive data and provides guidelines as to each user’s responsibilities in keeping all company data confidential and the ramifications should they leak that information.

Usage of data outlines how the user can use the information they are privy to and what they are not allowed to do with it. This is particularly important in companies that handle health, financial, or personal information on a regular basis.

Disaster Recovery Policy

The Disaster Recovery Policy contains guidelines in the event of a disaster as to how data will be recovered and what data backup methods are being used to ensure continuation of services.

This policy is usually quite detailed so that nothing is left to chance. It covers what to do in case of an emergency to keep the business running, the recovery plan, data backup plans such as who is responsible for making sure they happen, back up schedule, a list of what systems are being backed up, where everything is being backed up to, test procedures and frequency, as well as the method for restoring the back up. It also covers who needs to be called such as emergency personnel, investors, board members, external IT services, and more.

Basically, this is the ‘how to make sure the company survives in the case of a disaster, natural or otherwise’. Don’t leave your business without this plan. It can mean the difference between bouncing back and going out of business.

Technology Standards Policy

This policy generally states what type of software, hardware, and systems the company uses as well as those that are prohibited from being used. Some things that might be prohibited are messenger apps or software that downloads music, videos, or files to the company network. This document also usually states how devices, software, and apps can be installed and configured.

Some of the benefits of having this type of document are improved IT service quality, lowered technology management costs, allowing IT departments to better test and manage product compatibility in order to reduce platform conflict problems, lowered technology costs, improved user specialization of technology used, and more. It is basically a good idea to document and set standards in place for the technology used in any business to control the chaos that can be associated with constantly growing technology sector.

Network Setup and Documentation Policy

The Network Setup and Documentation Policy is exactly what it sounds like. It is a document that states how the network should be set up and configured as well as how new employees should be added to the system, how terminated employees should be removed from the system, how to set permission levels for users, and documentation regarding the licensing of software.

This document can get quite detailed as it usually outlines the IP addresses of all devices on the network, server documentation, network drawings showing where everything is located and how they are all inter-related, configuration information of switches/routers/firewalls, and more.

IT Services Policy

The IT Services Policy determines the guidelines on how IT needs and problems will be taken care of. It will state who is responsible for taking care of those needs and problems, who handles employee technical support, as well as maintenance, installation, and long-term technology planning.

This document, just like the Network Setup and Documentation Policy, can be quite detailed and long but it will ensure that everyone is in the loop about what needs to be done and who needs to do it as well as how to get issues resolved quickly.

So now that you are aware of the policies that all businesses should have in place now is the time to take action and create these policies before you actually need them. The task of writing up these policies can seem daunting and overwhelming but once they are done and in place it will act as an ‘insurance policy’ to ensure that everything that should be done is being done. Just make sure that all these policies are reviewed and updated annually (or sooner if anything changes).

Let DataOne Networks help your business protect its data and embrace all that technology has to offer. Click here and contact us today to get started!