IT Policies Help IT Staff and Reduce LiabilitiesLearn Management Articles on management-info.biz. IT Policies Help IT Staff and Reduce Liabilities article will help answer your questions on Management Articles.We at management-info.biz specialize in Management Articles. Management Articles at management-info.biz provides the most up to date news and articles. If you have questions please do not hesitate to contact us.
“What do you mean I can’t download … fill-in-the-blank?” As IT managers we are constantly berated by users because they want to do something on their company computer that we know they shouldn’t. But getting users to conform to reasonable standards is a real challenge for most IT departments. We live in the information age and with the benefits of technology come the associated risks and liabilities. The same tools that allow productivity gains have the potential to diminish worker productivity and to expose the company to harmful content as well as regulatory and legal liabilities. Many business executives do not yet grasp the importance of protecting Information Technology assets from liabilities and need to focus on the legalities surrounding IT as well as the use of IT systems by employees. If you take a moment to read any newspaper you will likely find several instances in which either by ignorance or design, employees have used company IT assets in a way that puts the company at risk, or worse: gets them in serious hot water. So why aren’t companies focusing on these risks? In my experience a large part of the problem lies in staff not knowing how to begin writing acceptable use policies for IT systems. Then add to that hurdle the facts of constrained budgets, limited staff and that a typical IT manager will likely assume the company legal department will advise of any need to change policies or the management of IT assets. And at the same time, management is occupied with running the business and assumes that IT and legal will manage any issues related to these assets. Unfortunately, the legal department typically understands the broader laws but does not necessarily focus on day-to-day IT operational issues. Liabilities will be reduced if the focus of IT, legal and the business side of the house are pulled together, to put into place reasonable and effective policies, procedures, disciplinary standards and company-wide educational programs. In addition, in doing so will give IT managers a defendable position against those users who berate them! Policies and procedures are a critical first step in protecting the organization’s vital enterprise IT assets. These same policies, while protecting assets and assisting IT staff in managing user “problems,” are also used as a defense against potential legal liabilities. A legally compliant IT department must address several areas of concern, such as software license compliance, the appropriate use of the Internet and e-mail, data protection, privacy and more. Though proper software licensing is the most frequently considered topic of IT compliance, companies face other equally important IT asset liability issues. Inappropriate use of e-mail and the Internet is as widespread a problem as copyright violations (software piracy). Bandwidth abuse and lost employee productivity are two additional areas of concern for most employers. Not only should a policy cover appropriate use but inappropriate use as well. E-mail content filtering has become a popular solution for blocking documents containing obscene, racist, offensive or explicit words and phrases as well as for virus prevention. Another benefit of e-mail content filtering is the reduction of leaks of confidential company data. Statistics reveal that most security breaches originate from within the organization, therefore an organization must also monitor what files are leaving the network. Significant case law supports the verity that e-mail and Internet monitoring is legal when a company provides the systems on which the employee uses these products. An employee does not have a “reasonable expectation of privacy” when using these tools. However, it is essential that the employee be advised of the company policies on these issues and that the policies are clear, well disseminated and supported company-wide. Privacy and other forms of data protection are another big area of concern for businesses. Fines from regulatory bodies and loss of competitive data have continued to push organizations to increase control over these assets, to reduce associated liabilities and risks. The way to efficiently educate users is to adopt, implement and enforce policies and procedures detailing the “Dos and Don’ts” of computer conduct and explaining how the organization deals with the complete lifecycle of its IT assets. Regardless of the size of your organization, start by creating a project team to administer the implementation of an IT compliance program. The size of the team will vary from one company to the next, but regardless of the size, the organization will need to commit appropriate resources, both human and financial, for the project to be a success. The project team should consist of a senior member of the IT department, to provide top-level exposure; of human resources, to ensure no policy violates existing regulations and to ensure that there are appropriate steps in place to discipline violators; of legal counsel, to ensure that policies and procedures drafted by the team are thoroughly reviewed and consecrated; and representatives from large departments, administration, security, training, IT, etc. If more than one physical location exists, be sure to include a member from each site to ensure that their specific needs and limitations are considered as well. Following is a list of the areas that should be covered. (Note: this list may not be comprehensive for every environment and some areas may not apply to every organization): Begin with an overall opening statement by the CEO (or equivalent) of the organization to not only add valuable corporate weight to the policies but also to show that these policies come from the very top and are being embraced by everyone in the organization, including the Board. Then create policies for the following essential areas: Software requisition, acquisition, delivery, installation and license compliance – Explain that software acquisition is restricted in order to ensure that the company has a complete record of all software that has been purchased for company computers and can register, support and upgrade said software. Software and Hardware Disposal – Often forgotten, this policy makes sure that software/hardware is disposed of in a controlled manner. An organization may have additional disposal requirements and/or options. Shareware, Freeware, Public Domain, Games, Fonts, Screensavers and Wallpaper – This policy is important, since users often think that because software is “free” or on evaluation, it falls outside the boundaries of the organization’s software policies, and they are unaware of the licensing issues surrounding these types of software. In many cases, these are copyrighted materials and may be used only in accordance with the license agreement of the publisher. Passwords, Security, Viruses – This policy must detail the importance of passwords, how they are administered, how often they are changed and of what characters they should consist. Stress the importance of user’s keeping their passwords safe. Detail how the organization protects itself against virus attack. The omnipresence of the Internet and web-based applications can open backdoors to the corporate IT infrastructure. Employees can either willfully or by neglect expose the organization to rapidly spreading viruses or other malicious and harmful code by accessing or downloading files of unknown origin. Data Protection – Detail the importance of your organization’s data. Also, cover how employees must treat specific types of data, such as customer information, research material, legal documents and records, etc. Because each organization will guard particular information based upon the type of business, explore each topic in detail within the organization. Internet, Instant Messaging, P2P Software – Most organizations in today’s business climate will have some type of Internet policy likely covering areas such as pornography, picture and media files (GIF, BMP, PCX, JPEG, MP3, etc.), personal use and more. Companies must also be concerned with the ease of obtaining software of all types from the Internet. E-mail – As with the Internet, there are many liabilities surrounding e-mail use. Companies should be aware of the pitfalls of improper data protection, defamatory comments, inappropriate bandwidth usage, viruses, etc. Increasingly, subject matter considered inappropriate for consumption or distribution within an organization is received, forwarded, mishandled, etc. The type of website content that is inappropriate within an organization is also unsuitable content for an e-mail. Auditing and Monitoring – This policy alerts users to the fact that regular monitoring of and audits on company IT assets are conducted. The policy must contain a statement that indicates that the user should have “no reasonable expectation of privacy” for any file, message, or content on all company systems. Mobile, Laptop and PDA Users – Mobile devices are a difficult group of assets to control because of the device portability and the fact that they may rarely connect to the corporate network. Because of this, laptop users often believe that they fall outside the boundaries of the software policies. It is essential that appropriate policies as well as unique procedures are created to address this elusive group of users. Backup and Maintenance of IT Systems – Be sure to define who is responsible for system backup and how these tasks are completed. This policy is important, because organizations rarely look at licensing, retention and destruction, e-discovery and privacy issues when creating backup procedures. It is essential to address these issues before having to retrieve from backup because of an unforeseen problem or because of litigation. Disciplinary Procedures – Policy statements can be a waste of time if they are not reinforced with disciplinary procedures for those that breach them. Your organization may already have procedures in place and these must be included in any set of technology policies. Policy Review – It is important to review and update policies and procedures when needed. The team or a subset of the initial compliance team will need to review the policies and procedures on an annual basis (or more frequently, if needed) to respond to changes in the business environment and the larger legal environment. Users must be told how new policies will be communicated. Furthermore, additional policies not included in this list will likely be required in some organizations. For example, financial institutions and hospitals are regulated by outside bodies that require specific situations be handled in the manner specified. Ensure that the company’s legal representatives ascertain the requirements made by other regulatory agencies and incorporate those demands into the policies and procedures. Policy statements should be short and to the point. Procedures can be long and detailed. Use a standard format for all of the policies, including the policy area to be covered, the reasons for the policy and a procedure specifically adapted for your organization. Lastly, but of great importance — make sure your users are trained on the policies. I can’t tell you how many organizations miss this essential step! The policies will not be defendable or, frankly, enforceable unless users are made aware of them. For the best results, have your internal training department (or other suitable group) develop a system to train users as well as track the training and to collect a written agreement to follow the policies from every employee. Make sure all new employees receive training and sign an agreement. At least once per year conduct follow-up training which need not be as comprehensive, but should serve to remind users of the company’s commitment to compliance. I promise you, the effort you put forth developing company-wide IT policies and procedures will pay off multifold — this isn’t an IT problem; this is a company problem and the solution needs to be addressed company-wide. 500 Years Of Natural Health Secrets. - Classic natural health eBooks help people lose weight, gain energy, reduce pain, improve memory, detox, etc. Secret To Never Overpay Legal Fees Again. - Government Insider Reveals A 5-step Top Secret Method To Reduce Or Potentially Eliminate Paying Any Legal Fees Forever! My colleagues and I get asked a lot about licensing. Frankly, Microsoft doesn’t have a great reputation for keeping it simple. And to be totally transparent – I, like many of my colleagues, would usually rather stick a fork in my eye that talk about it because it can get complicated. And confusing. And just…ugh. So you can imagine my joy when I was asked to write a newsletter editorial about simplifying licensing. Exactly. Then I had a very enlightening conversation with Terry Choquette, Licensing Marketing Manager at Microsoft and she pointed me to a few resources that got back to the basics and laid it all out very simply. I like simple. And I decided that this simple information was as blog worthy as it was newsletter worthy. While details about software licensing is not everybody’s favourite reading material, stick with me on this. Ways to buy a licenseFirst of all, there are 3 ways to buy a license as illustrated in the slide below: a full packaged product from a retail store, an OEM product on a new computer or a volume agreement from a reseller.
Volume licensing agreementsWhile you could simply walk into the nearest Best Buy or Future Shop and make your purchase, most organizations that need 5 or more licenses can benefit best from volume licensing agreements. Why? Well, there are some pricing advantages, there are more flexible options based on size and type of business, payment structure, ownership of software, etc., there are additional use rights for cross-language and reimaging machines, and there are use rights to new product versions, support, training, tools, etc., with Software Assurance (more about this below). For this post, I’m going to limit my discourse to those organizations who want to license less than 250 devices or users, which I would hazard a guess applies to most of you reading this blog. If you need help with licensing options for 250 devices/users or more, lemme know and I’ll put you in touch with people who can help you or you can check out these online resources. Below is a great 3.5 minute video that lays out the volume licensing options that are part of the Microsoft Open License program for small and medium sized businesses: (Please visit the site to view this video) Basically, there are 3 volume licensing agreement options: Open License, Open Value and Open Value Subscription. Now if you want more detail than the video gives (you did watch it right? C’mon it’s only 3.5 minutes long and it’s pretty entertaining!), you’ll want to take a look at the Open License Program Guide. It has a very useful chart on page 8 which compares what you get with an Open License agreement compared to an Open Value agreement. Software AssuranceSoftware Assurance is something that can be added to your volume license agreement which provides 24x7 support, deployment planning services, training, and the latest software releases. Although once viewed as simply an insurance policy for free software upgrades, Software Assurance has now been recognized by analysts as an essential tool for getting the most out of your licensing purchase. Below is a screen shot from an interactive PDF listing the benefits of Software Assurance with each type of licensing agreement.
For more information about Software Assurance and what it can do for your organization, check out the Software Assurance site. Let me know if this was helpful!
Article Index: | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 |
More Articles:1. Managing Rebellious Employees By Michael Mercer Surveys of executives reveal that many companies fall short of their profit objectives due to “people problems.” Research for my Absolutely Fabulous Organizational Change book found these “people problems” fall into two “r” categories: rebellion and resistance.Rebellion is akin to teenagers defying authority figures, fir instance, rebelling against leaders who institute change. Resistance includes employees flinging roadblocks in the way of the organizational change. Examples include employ… PMS Remedies 2. How To Conduct a Successful Brainstorming Session By Andrew Gowans Brainstorming: When you and your group or improvement team wish to generate as many ideas as possible in as short a time as possible.It’s Powerful It’s Quick It’s Fun It’s MisusedHowever simple we think this tool is, if we do not set the groundrules, or fail to follow them, we will be very disappointed with the outcome. Some team members may even be fearful to contribute fully – giving safe, guarded inputs.This is NOT what Brainstorming is all about!Before a project or improvement team can m… 3. How to Approach Group Decision Making By Andrew E. Schwartz GROUP DECISION MAKING -- IDENTIFY THE PROBLEM: Tell specifically what the problem is and how you experience it. Cite specific examples. --“Own” the problem as yours and solicit the help of others in solving it rather than implying that it’s someone else’s problem that they ought to solve. Keep in mind that if it were someone else’s problem, they would be bringing it up for discussion. --In the identification phase of problem-solving, avoid references to solutions. This can trigger disagreement… 4. Agendas Make Meetings Productive By Martin Haworth Having an agenda template that works well for you, week in, week out, creates a consistency which gets your people bought into the process. Delivering an efficiency and effectiveness which makes the most of the valuable time you have together. Key points to note are:-CirculateShare your agenda in good time, well before your meeting (with reading material for preview). This gives time for review, preparation and challenge. RolesIn a meeting there are various roles to be taken on from the star… |
||||
