Keeping Company IT Policies and Procedures Current Are Essential
IT policies and procedures are not “set and forget” documents. Read on and discover why they need to be updated regularly and some tips to implement you may not have thought of.
- Keep IT systems running optimally and securely. Documents need to be updated to reflect changes made to the systems so problems don’t arise. An example, if a company started collecting additional personal data from customers, it should update its privacy, data governance, and other applicable policies and procedures. Otherwise, the data might not be properly collected, cleaned, secured, used, and stored. This could lead to security vulnerabilities (e.g., improperly stored data) or data integrity issues (e.g., new data cannot be combined with existing data due to formatting inconsistencies).
- Avoiding lawsuits. Businesses can be held liable for out-dated, vague, and inconsistently enforced policies. For instance, a US jury awarded $21 million in damages to a woman who was struck by a Coca-Cola delivery driver who had been talking on her cell phone at the time of the accident. The plaintiff’s attorneys successfully argued that the company’s mobile phone policy for its drivers was vague and that Coca-Cola was aware of the dangers of distracted driving but withheld this information from its drivers.
- BYOD Policy. Perhaps you have recently permitted employees to use their personal smartphones for work, if so, a Bring Your Own Device policy is needed to govern the use of employee-owned phones in the workplace. Not sure if you want to allow personal phone usage? Click here for recent research and pros and cons of even having your employees use their own smartphones for work.
In addition, it is a good idea to test certain IT policies and procedures before the review process. For example, you could test the IT disaster recovery plan and procedures by holding a drill. This allows you to identify any issues that need to be updated (e.g., phone numbers that are no longer correct). The drill will allow employees to become familiar with the process and lessen employees’ stress in the event of an actual disaster. A good plan understood by all, ultimately will lead to a faster recovery time.
Make sure your IT policies are clear, reviewed annually, are current with the times, and consistently enforced throughout your workplace and with your on and off-site employees or subcontractors. As always, its good to have each employee sign off that they have read and understand the existing and revised policies and procedures to help protect your company.