IT Policies Help IT Staff and Reduce Liabilities

Home | Current Issue | Submission | Contact Us

IT Policies Help IT Staff and Reduce Liabilities

"What do you mean I can't download ... fill-in-the-blank?" As IT managers we are constantly berated by users because they want to do something on their company computer that we know they shouldn't. But getting users to conform to reasonable standards is a real challenge for most IT departments. We live in the information age and with the benefits of technology come the associated risks and liabilities. The same tools that allow productivity gains have the potential to diminish worker productivity and to expose the company to harmful content as well as regulatory and legal liabilities.

Many business executives do not yet grasp the importance of protecting Information Technology assets from liabilities and need to focus on the legalities surrounding IT as well as the use of IT systems by employees. If you take a moment to read any newspaper you will likely find several instances in which either by ignorance or design, employees have used company IT assets in a way that puts the company at risk, or worse: gets them in serious hot water.

So why aren't companies focusing on these risks? In my experience a large part of the problem lies in staff not knowing how to begin writing acceptable use policies for IT systems. Then add to that hurdle the facts of constrained budgets, limited staff and that a typical IT manager will likely assume the company legal department will advise of any need to change policies or the management of IT assets. And at the same time, management is occupied with running the business and assumes that IT and legal will manage any issues related to these assets. Unfortunately, the legal department typically understands the broader laws but does not necessarily focus on day-to-day IT operational issues.

Liabilities will be reduced if the focus of IT, legal and the business side of the house are pulled together, to put into place reasonable and effective policies, procedures, disciplinary standards and company-wide educational programs. In addition, in doing so will give IT managers a defendable position against those users who berate them! Policies and procedures are a critical first step in protecting the organization's vital enterprise IT assets. These same policies, while protecting assets and assisting IT staff in managing user "problems," are also used as a defense against potential legal liabilities.

A legally compliant IT department must address several areas of concern, such as software license compliance, the appropriate use of the Internet and e-mail, data protection, privacy and more.

Though proper software licensing is the most frequently considered topic of IT compliance, companies face other equally important IT asset liability issues. Inappropriate use of e-mail and the Internet is as widespread a problem as copyright violations (software piracy). Bandwidth abuse and lost employee productivity are two additional areas of concern for most employers. Not only should a policy cover appropriate use but inappropriate use as well.

E-mail content filtering has become a popular solution for blocking documents containing obscene, racist, offensive or explicit words and phrases as well as for virus prevention. Another benefit of e-mail content filtering is the reduction of leaks of confidential company data. Statistics reveal that most security breaches originate from within the organization, therefore an organization must also monitor what files are leaving the network.

Significant case law supports the verity that e-mail and Internet monitoring is legal when a company provides the systems on which the employee uses these products. An employee does not have a "reasonable expectation of privacy" when using these tools. However, it is essential that the employee be advised of the company policies on these issues and that the policies are clear, well disseminated and supported company-wide.

Privacy and other forms of data protection are another big area of concern for businesses. Fines from regulatory bodies and loss of competitive data have continued to push organizations to increase control over these assets, to reduce associated liabilities and risks.

The way to efficiently educate users is to adopt, implement and enforce policies and procedures detailing the "Dos and Don'ts" of computer conduct and explaining how the organization deals with the complete lifecycle of its IT assets.

Regardless of the size of your organization, start by creating a project team to administer the implementation of an IT compliance program. The size of the team will vary from one company to the next, but regardless of the size, the organization will need to commit appropriate resources, both human and financial, for the project to be a success.

The project team should consist of a senior member of the IT department, to provide top-level exposure; of human resources, to ensure no policy violates existing regulations and to ensure that there are appropriate steps in place to discipline violators; of legal counsel, to ensure that policies and procedures drafted by the team are thoroughly reviewed and consecrated; and representatives from large departments, administration, security, training, IT, etc. If more than one physical location exists, be sure to include a member from each site to ensure that their specific needs and limitations are considered as well.

Following is a list of the areas that should be covered. (Note: this list may not be comprehensive for every environment and some areas may not apply to every organization):

Begin with an overall opening statement by the CEO (or equivalent) of the organization to not only add valuable corporate weight to the policies but also to show that these policies come from the very top and are being embraced by everyone in the organization, including the Board.

Then create policies for the following essential areas:

Software requisition, acquisition, delivery, installation and license compliance - Explain that software acquisition is restricted in order to ensure that the company has a complete record of all software that has been purchased for company computers and can register, support and upgrade said software.

Software and Hardware Disposal - Often forgotten, this policy makes sure that software/hardware is disposed of in a controlled manner. An organization may have additional disposal requirements and/or options.

Shareware, Freeware, Public Domain, Games, Fonts, Screensavers and Wallpaper - This policy is important, since users often think that because software is "free" or on evaluation, it falls outside the boundaries of the organization's software policies, and they are unaware of the licensing issues surrounding these types of software. In many cases, these are copyrighted materials and may be used only in accordance with the license agreement of the publisher.

Passwords, Security, Viruses - This policy must detail the importance of passwords, how they are administered, how often they are changed and of what characters they should consist. Stress the importance of user's keeping their passwords safe. Detail how the organization protects itself against virus attack. The omnipresence of the Internet and web-based applications can open backdoors to the corporate IT infrastructure. Employees can either willfully or by neglect expose the organization to rapidly spreading viruses or other malicious and harmful code by accessing or downloading files of unknown origin.

Data Protection - Detail the importance of your organization's data. Also, cover how employees must treat specific types of data, such as customer information, research material, legal documents and records, etc. Because each organization will guard particular information based upon the type of business, explore each topic in detail within the organization.

Internet, Instant Messaging, P2P Software - Most organizations in today's business climate will have some type of Internet policy likely covering areas such as pornography, picture and media files (GIF, BMP, PCX, JPEG, MP3, etc.), personal use and more. Companies must also be concerned with the ease of obtaining software of all types from the Internet.

E-mail - As with the Internet, there are many liabilities surrounding e-mail use. Companies should be aware of the pitfalls of improper data protection, defamatory comments, inappropriate bandwidth usage, viruses, etc. Increasingly, subject matter considered inappropriate for consumption or distribution within an organization is received, forwarded, mishandled, etc. The type of website content that is inappropriate within an organization is also unsuitable content for an e-mail.


Home \| Current Issue \| Submission \| Contact Us
IT Policies Help IT Staff and Reduce Liabilities "What do you mean I can't download ... fill-in-the-blank?" As IT managers we are constantly berated by users because they want to do something on their company computer that we know they shouldn't. But getting users to conform to reasonable standards is a real challenge for most IT departments. We live in the information age and with the benefits of technology come the associated risks and liabilities. The same tools that allow productivity gains have the potential to diminish worker productivity and to expose the company to harmful content as well as regulatory and legal liabilities. Many business executives do not yet grasp the importance of protecting Information Technology assets from liabilities and need to focus on the legalities surrounding IT as well as the use of IT systems by employees. If you take a moment to read any newspaper you will likely find several instances in which either by ignorance or design, employees have used company IT assets in a way that puts the company at risk, or worse: gets them in serious hot water. So why aren't companies focusing on these risks? In my experience a large part of the problem lies in staff not knowing how to begin writing acceptable use policies for IT systems. Then add to that hurdle the facts of constrained budgets, limited staff and that a typical IT manager will likely assume the company legal department will advise of any need to change policies or the management of IT assets. And at the same time, management is occupied with running the business and assumes that IT and legal will manage any issues related to these assets. Unfortunately, the legal department typically understands the broader laws but does not necessarily focus on day-to-day IT operational issues. Liabilities will be reduced if the focus of IT, legal and the business side of the house are pulled together, to put into place reasonable and effective policies, procedures, disciplinary standards and company-wide educational programs. In addition, in doing so will give IT managers a defendable position against those users who berate them! Policies and procedures are a critical first step in protecting the organization's vital enterprise IT assets. These same policies, while protecting assets and assisting IT staff in managing user "problems," are also used as a defense against potential legal liabilities. A legally compliant IT department must address several areas of concern, such as software license compliance, the appropriate use of the Internet and e-mail, data protection, privacy and more. Though proper software licensing is the most frequently considered topic of IT compliance, companies face other equally important IT asset liability issues. Inappropriate use of e-mail and the Internet is as widespread a problem as copyright violations (software piracy). Bandwidth abuse and lost employee productivity are two additional areas of concern for most employers. Not only should a policy cover appropriate use but inappropriate use as well. E-mail content filtering has become a popular solution for blocking documents containing obscene, racist, offensive or explicit words and phrases as well as for virus prevention. Another benefit of e-mail content filtering is the reduction of leaks of confidential company data. Statistics reveal that most security breaches originate from within the organization, therefore an organization must also monitor what files are leaving the network. Significant case law supports the verity that e-mail and Internet monitoring is legal when a company provides the systems on which the employee uses these products. An employee does not have a "reasonable expectation of privacy" when using these tools. However, it is essential that the employee be advised of the company policies on these issues and that the policies are clear, well disseminated and supported company-wide. Privacy and other forms of data protection are another big area of concern for businesses. Fines from regulatory bodies and loss of competitive data have continued to push organizations to increase control over these assets, to reduce associated liabilities and risks. The way to efficiently educate users is to adopt, implement and enforce policies and procedures detailing the "Dos and Don'ts" of computer conduct and explaining how the organization deals with the complete lifecycle of its IT assets. Regardless of the size of your organization, start by creating a project team to administer the implementation of an IT compliance program. The size of the team will vary from one company to the next, but regardless of the size, the organization will need to commit appropriate resources, both human and financial, for the project to be a success. The project team should consist of a senior member of the IT department, to provide top-level exposure; of human resources, to ensure no policy violates existing regulations and to ensure that there are appropriate steps in place to discipline violators; of legal counsel, to ensure that policies and procedures drafted by the team are thoroughly reviewed and consecrated; and representatives from large departments, administration, security, training, IT, etc. If more than one physical location exists, be sure to include a member from each site to ensure that their specific needs and limitations are considered as well. Following is a list of the areas that should be covered. (Note: this list may not be comprehensive for every environment and some areas may not apply to every organization): Begin with an overall opening statement by the CEO (or equivalent) of the organization to not only add valuable corporate weight to the policies but also to show that these policies come from the very top and are being embraced by everyone in the organization, including the Board. Then create policies for the following essential areas: Software requisition, acquisition, delivery, installation and license compliance - Explain that software acquisition is restricted in order to ensure that the company has a complete record of all software that has been purchased for company computers and can register, support and upgrade said software. Software and Hardware Disposal - Often forgotten, this policy makes sure that software/hardware is disposed of in a controlled manner. An organization may have additional disposal requirements and/or options. Shareware, Freeware, Public Domain, Games, Fonts, Screensavers and Wallpaper - This policy is important, since users often think that because software is "free" or on evaluation, it falls outside the boundaries of the organization's software policies, and they are unaware of the licensing issues surrounding these types of software. In many cases, these are copyrighted materials and may be used only in accordance with the license agreement of the publisher. Passwords, Security, Viruses - This policy must detail the importance of passwords, how they are administered, how often they are changed and of what characters they should consist. Stress the importance of user's keeping their passwords safe. Detail how the organization protects itself against virus attack. The omnipresence of the Internet and web-based applications can open backdoors to the corporate IT infrastructure. Employees can either willfully or by neglect expose the organization to rapidly spreading viruses or other malicious and harmful code by accessing or downloading files of unknown origin. Data Protection - Detail the importance of your organization's data. Also, cover how employees must treat specific types of data, such as customer information, research material, legal documents and records, etc. Because each organization will guard particular information based upon the type of business, explore each topic in detail within the organization. Internet, Instant Messaging, P2P Software - Most organizations in today's business climate will have some type of Internet policy likely covering areas such as pornography, picture and media files (GIF, BMP, PCX, JPEG, MP3, etc.), personal use and more. Companies must also be concerned with the ease of obtaining software of all types from the Internet. E-mail - As with the Internet, there are many liabilities surrounding e-mail use. Companies should be aware of the pitfalls of improper data protection, defamatory comments, inappropriate bandwidth usage, viruses, etc. Increasingly, subject matter considered inappropriate for consumption or distribution within an organization is received, forwarded, mishandled, etc. The type of website content that is inappropriate within an organization is also unsuitable content for an e-mail.	5 Good Books To Read A Canvas Print From A New Perspective For Your Journal Art Work In Communities Arts Impact On Society Backyard Landscaping Ideas Pictures Benefits Of A Good Training Buying British Dresses For Weddings Childrens Literature Convert Your Inner Critic To Coach Critical Analysis Of Urdu Novels Of Umera English Literature Essays And Business Essays Enrich Your Knowledge With Penguin Books Experience Where To Buy Kindle Facebook Tagging Pictures To Let You Have Features Of Gothic Romance Novels Finding Free Urdu Novels Get Over Yourself With Graphic Novels The Fantastic Addition To Comic Holiday Journal Therapy How To Encourage Masses To Read How To Sell Abstract Art For A Living How To Understand Contemporary Art Illustrated Books Bringing Life To The Page Indian Art Now An Investor’s First Indian Literature R K Narayan Indicating Plagiarism In The Urdu Is Digital Art Real Art Journal Writing Your Wrong Ways Keep A Gratitude Journal And Get Happy Literature as the Way to Get Familiarized Locate Factors Of Stock Pictures Martial Art Let Your Kid Be Strong Musical Journal Therapy Must read Classics For Kids Nikon Coolpix For You Cool Online Urdu Novels By Farhat Printing Pictures On To Canvas Reviw Journal Endorses Angle Selecting Pictures For An Online Memorial Simple Steps To Good Social And Marketing Aspects Of Art Online Strange Places Valuable Used Taboo Literature The Finer Points Of A Literature The Inspector Morse Novels The Many Advantages In Using The Rise Of Funny Thrilling Romance Novels Review Understanding The Paradigm Of Context In Works Urdu Stories And Novels By Umera Urdu Innovative Literature Builds Progressive Nation Uses For Senior Pictures Using Literature With English Language Ways Of Fighting The Plagiarism What Is Lacking In The Contemporary What Makes Contemporary Art Interesting When Did Photography Become Why You Should Be Reading 14 Spiritual Laws to Know A to Z of Indian Politics Business Policies Comparison of the Traditional English Corporate Governance Investing in the Emerging Daily Politics Blog How to Find Decalogue Covenant Does God Want People E Governance Effective Policy Writing Five Tips For the Best Friendship and Politics Can General Information Regarding Lemon Government Bids Top 10 Tips Government Contract Proposal Writing Tips Household Insurance Policy What Is Covered How Does a Bee Become the Queen IT Policies Help IT Staff International Law Issues Which Are Plaguing the Indian Lets Say Goodbye To Vanity Life Insurance Policies Term Life Insurance Troubleshooting Local Self Government In New Jersey Long Term Care Insurance Moving to Queens New York O P Bhatnagar A Poet Political Discourse and Participatory Democracy Politics The Ugliest Fascination on Earth Problems In Managing Government Purim Why Did the Womanizer Queen Bee Rearing Queen Hatshepsut Egypts Queen Who Would Queen Honeybees Queens of Amsterdam The Government GIP The Laws of Life The Lemon Law in Florida Stating The Meaning Of Queen The Role of Government The Significance of the Queen Bee Types Of Life Insurance Policies US Government Sales Marketing Universal Law Using SAMPLES to Help you Write What Is The Best What is Political Science Where Now For European Political Why Fear Laws When You Can Make Why Workplace Politics Charts Write Separate Policy And Procedure Manuals 1 Carat Diamond Earrings 10 Things You Need 8 Things To Consider While A Unique Moment A Unique Affordable Fashion Jewelry All Ladies Love Fashion Jewelry Are Clip On Earrings Adjustable Are Clip on Earrings Cheaper Aristocrat Crystal Jewelry Being Cautious When Dealing With Wholesale Bracelets One Of The Oldest Forms Brilliant Ideas When Buying Buying Man Made Diamonds Can I Convert Normal Earrings To Clip Cartier Bracelets Timeless Classic Charm Bracelets Make Great Gifts Checklist For Making Handmade Jewelry Classic Pearl Jewelry Clip On Earrings Or Magnetic Credcam Head Mounted Mini Video Diamond Simulant Jewelry A Comparison Differences Between Male And Female Drop Earrings Come In Many Giordano Watches Guide On How To Choose Handcrafted Jewellery Earrings In Unique How Do Men Wear Silver How To Find The Best How To Fix Tight Clip How To Reduce The Tightness In Search Of High In The Market For Discount Jewelry Infant Bracelets San Pedro California Low Self Esteem 3 Brilliant Personalized Leather Bracelets Making Wonderful Gift Piaget Luxury Watches Sell Watches Ny Get Help Six-movado-watches Smtp Server A Brilliant Innovation For Web Users Smtp Service Ґ A Brilliant Innovation Tennis Bracelets Are An Excellent Addition The Brilliant Features Of Clarion The Exqusite Beauty Of Gemstone The Finest In Watches The Great Investment Of Purchasing The Latest Trends In Charm Bracelets The Question That Transforms Brilliant Ideas Understanding Fine Jewelry What Are The Advantages Of Magnetic World Of Watches The Best Watches
All rights reserved Copyright © 2013 Curt's Pitch For ALS Contacts: info@wef-palestine.org