An IT policy gives everyone in the company a clear idea of what they can or cannot do whilst using the companies IT system. This not only details the rules for users but also gives a framework for management to enforce. If you are managing people it is only fair to show them the rules first, whilst also clarifying the details for management.
Remember an IT policy can be enhanced and built upon as technology changes but you need to start with the basics
An IT policy should consist of the following
- Acceptable Use of Technology: Guidelines for the use of computers, fax machines, telephones, internet, email, and voicemail and the consequences for misuse.
- Security: Guidelines for passwords, levels of access to the network, virus protection, confidentiality, and the usage of data.
- Disaster Recovery: Guidelines for data recovery in the event of a disaster, and data backup methods.
- Technology Standards: Guidelines to determine the type of software, hardware, and systems will be purchased and used at the company, including those that are prohibited (for example, instant messenger or mp3 music download software).
- Network Set up and Documentation: Guidelines regarding how the network is configured, how to add new employees to the network, permission levels for employees, and licensing of software.
- IT Services: Guidelines to determine how technology needs and problems will be addressed, who in the organization is responsible for employee technical support, maintenance, installation, and long-term technology planning.
A fantastic resource is available from https://www.ittoolkit.com/