I.T Policies Every Business Should Have

I.T. Policies Every Business Should Have

Every company that uses computers, email, the internet, and software on a daily basis should have information technology (I.T.) policies in place. It is important for employees to know what is expected and required of them when using the technology provided by their employer, and it is critical for a company to protect itself by having policies to govern areas such as personal internet and email usage, security, software and hardware inventory and data retention. It is also important for the business owner to know the potential lost time and productivity at their business because of personal internet usage.

Consider the following scenarios, which are not uncommon in most companies:

  • Carol, in the marketing department, has a nine year old daughter who is selling gift wrap for her elementary school's annual fundraiser. Carol sends an email to the entire company letting everyone know the catalog is in the break room and they should email their orders to her within the next week. Is this an appropriate use of the company email system?
  • In the purchasing department, Bob's acquisition software is being updated. Unable to access it and thus perform one of the many functions of his job, he decides to surf the web while he's waiting for the updates to complete. He heard about a controversial video involving a celebrity and decides to see if he can find it. In the process, he finds several pornographic websites that catch his attention. Is this an appropriate use of the internet at work? What are the ramifications for Bob if a co-worker sees what he's found online? What are the ramifications for the company if that co-worker files a sexual harassment suit as a result?
  • Jennifer has just been hired as the first in-house graphic designer for a non-profit organization. Her start date is in one week and she needs to be ready to hit the ground running to design and produce a brochure for their capital campaign. She needs a Macintosh computer complete with graphic design software as well as email, internet access, word processing capabilities, and access to the network for shared files. Who will be responsible for purchasing, configuring, and maintaining her computer?

Without written policies, there are no standards to reference when both sticky and status quo situations arise, such as those highlighted above.

So, what exactly are the I.T. policies that every company should have? There are six areas that need to be addressed:

  1. Acceptable Use of Technology: Guidelines for the use of computers, fax machines, telephones, internet, email, and voicemail and the consequences for misuse.
  2. Security: Guidelines for passwords, levels of access to the network, virus protection, confidentiality, and the usage of data.
  3. Disaster Recovery: Guidelines for data recovery in the event of a disaster, and data backup methods.
  4. Technology Standards: Guidelines to determine the type of software, hardware, and systems will be purchased and used at the company, including those that are prohibited (for example, instant messenger or mp3 music download software).
  5. Network Set up and Documentation: Guidelines regarding how the network is configured, how to add new employees to the network, permission levels for employees, and licensing of software.
  6. I.T. Services: Guidelines to determine how technology needs and problems will be addressed, who in the organization is responsible for employee technical support, maintenance, installation, and long-term technology planning.


Having policies and procedures simply for the sake of saying you have them is useless. It may make you feel better initially, but just wait until an issue arises for which no policy exists. Most importantly, you need to have policies with some teeth. They need to work for your company and your employees, and they need to be enforced. If you are not sure how to do this, your company may want to employ the services of a technology consultant that can make recommendations for policies according to how technology is used on a daily basis for your business.

Whatever you do, don't delay. It could cost you. Forrester, an independent technology research company, estimates that the average company (yes, even small ones) loses $1,250 per minute of downtime. If you are hit with a major disaster and have no recovery or backup policy in place, you could lose valuable time, money and even your business.