Every company or organization with computer systems needs to have information technology policies in place to govern the use and management of those systems. Technology policies clarify what you expect of your employees and users of your system and serve as a framework for IT business practices, network setup, security and system acquisitions. Technology policies for businesses include acceptable use of technology, security, business continuity, and IT services and standards policies.
Acceptable use of technology policies clearly define what is considered acceptable use of your company’s computer systems, hardware, software, peripheral devices and gadgets such as your fax machines and telephones. Acceptable use of email and voicemail systems can also be covered in your general acceptable use policy, although it is good practice to have a separate policy or section governing use of the Internet and electronic communication technologies. An acceptable use of technology policy should clearly spell out the consequences of technology misuse as well as acceptable use.
Security policies govern network access, passwords, permissions, authorization policies, anti-virus and firewall installations, data storage and use and system security and confidentiality. A security policy is critical to your company’s image and must be especially robust if you store your customers' personal data or financial information. Retain the services of a specially qualified security consultant when developing and implementing your security policy if your systems are sensitive or critical.
Technology continuity policies cover elements such as disaster recovery, backup and hot site management. You should have some type of continuity policy in place regardless of your company’s size, as any company is vulnerable to data loss and natural disasters, even if you have only a single computer. Include hosted services, cloud services and external service providers for any mission-critical systems in your continuity policies, which should have clearly defined responsibilities assigned to specific employees for a cohesive, rapid response in the event of a disaster.
An information technology services policy guides the provision of IT services within your company, including user training, division of responsibilities within your IT department, system acquisition, implementation and maintenance, vendor contracts and business planning. An information technology standards policy guides system acquisition and use, including software that your employees are not allowed to use and whether they are allowed to connect personal devices to your network. A network policy covers permitted connections as well as user setup, authorization, permissions, software licensing and any networked telecommunications, including Internet and intranet installations.
