[ILUG] Office IT policy document

Thu Apr 21 10:41:03 IST 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


	   Hi,

	What do you hope to gain from such a document? What are the aims of
this document? It sounds like you've been given a job to do because some
layer of management has heard that other companies have IT policies and
that they are 'good things(tm)' - without really understanding what a
written policy might be there to achieve / prevent.

	Generally there are some catch-all protect-our-ass type clauses, e.g.:
	- Office IT equipment will be used only for the purposes of company
business.
	- No pornographic, racist, sexist, defamatory or otherwise
inappropriate or illegal material may be stored or viewed using office
IT equipment. (You'll need to define 'inappropriate' for your needs.)

	Then, there may be some specific clauses, e.g.:
	- The printer on level 2 is for the use of HR only.

	Often, some common sense / money saving type clauses sneak in:
	- Mobile phones are only to be used when you are necessarily away from
a desk phone. Please use desk phones if possible.
	- Use the colour printers only when colour is strictly necessary.
	- Do not share your logon credentials, passwords or PINs with any other
individual or oganisation, even the IT department. (This is something I
think neds to be beaten into users with a stick! Or perhaps the IT
department should be beaten until they realise they don't ever NEED to
be told my password - they have root ;-)  )

	Usually, some ownership things are there, e.g.:
	- Corporate IT equipment remains the property of $our_corp at all
times. In the event of termination of employment with $our_corp, all
mobile phones, laptops, computer media, hard & soft copies of
documentation and $other_things must be returned.

	Sometimes, it's appropriate to put some security and/or anti-viral
clauses in, e.g.:
	- Only authorised corporate IT equipment may be attached to the
internal network.
	- Corporate laptops and desktop MUST run the corporate anti-virus
software at all times.
	- All computer media must be signed in and out of the building and
destroyed (using $technique) when it is no longer needed.

	You have, of course, an opportunity to add anything else that might be
appropriate. e.g. All desktops must run the standard IT build of either
$linux_distro or $apple_distro or whatever.

	Hope this has helped you somewhat. Each corporate IT policy I've seen
(and/or written or contributed to) has been quite different. Before
putting pen to paper, think about what you want the IT policy to achieve
first, then think about how you're going to go about achieving it. Much
of the reasoning behind written policies on things like IT is so that
corporates have a legal protection against staff who abuse IT resources
- - but you may wish to achieve more, or different, objectives with yours.

	Best regards,
	-->Gar


Niall O Broin wrote:
| I have been asked to write a document detailing an office IT policy,
| which is currently non existent. This document is to address every
| aspect of IT usage in the office viz. hardware, operating systems,
| applications, networks, printing, internet access etc. etc.
|
| I'm thinking that somebody out there might have some sample documents I
| could look at. I did ask Uncle Google, but nothing I found so far is
| really what I want, though there are rather a lot of policy documents
| out there.
|
| Oh - numerous Linux boxes will be covered by this document, so this
| request isn't THAT O.T.
|
|
|
|
| Niall
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCZ3UtK36C50PvIR8RAvHUAJ9w15dlNmrYrPdaOlIMnfFyQwHRVwCeL1Vw
5nX8FxOI9l4oEIvJwGVTrvM=
=2V7e
-----END PGP SIGNATURE-----