Creating IT Policies 5

Status
Not open for further replies.

mspain

IS-IT--Management
Mar 17, 2002
100
US
Hello All,

I am in need of some advice from some professionals. I am currently working at a small company (though we are slowly growing!) and basically I am in the position of Systems Administrator.

This is a new position at this company as the need finally came around for someone to be dedicated to this position. Anyway, I am basically in charge of everything IT related and as such I have to start coming up with policies and documentation for IT procedures and practices.

Problem is I'm not really sure where to start. This is the first time I've had to do something like this and there is no previous documentation available (as I said this is a new role at this company and pretty much everything IT related in the past was done on the fly).

So, I was hoping for some input. Where to start, what to cover, what to think about, examples if possible.

Any help would be greatly appreciated!
 
First policy should relate to system security and should define what actions employees are forbidden to do for security reasons. Things like what internet access is permitted and what is not, how often passwords need to be changed and what constitutes an acceptable password and reminders not to ever share passwords with anyone else, etc.

Another policy should relate to data backup, how and when is data to be backed up.

An email policy is usually a good idea including what is acceptable content for email signatures (nothing religious or political for instance, some companies have a standard signature to ensure nothing unprofessional is sent out on signatures), also the policy on sending and receiving personal emails through the work email, the policies concerning sending spam (like chain emails).

A policy on procedures to report IT problems is good to have as well.

"NOTHING is more important in a database than integrity." ESquared
 
I would also add a statement that there should be no expectations of privacy when using company resources.

"Employees may not expect or assert a right of privacy in connection with any company-owned assets. E-mail, voicemail, Internet records, or any other electronic transmissions are to be treated like shared paper files, with the expectation that anything in them is available for review by authorized company representatives."


Susan
"When the gods wish to punish us, they answer our prayers." - Oscar Wilde, An Ideal husband, 1893
 
This is a difficult one for a couple of reasons.

As a Sys Admin you should be following process and procedure, not making it.

You should ideally be getting the company management team involved in the creation of the policies (for instance User Acceptance, Email, Net Usage etc), after all it's them that need to dole out any punishments for non-compliance.

I think you need to clarify your position here, if you're defining policy then you're not a sys admin, you're a head of IT and they are wildly different positions with different responsibilities.

Policies and Procedures I would be interested in were I you (in no particular order):-

Backup
IT Reporting (faults etc)
Email
BCP (Business Continuity Plans)
Internet
User Acceptance Policy for Company resources
Telephone Usage
Equipment Ordering
Starters and Leavers procedures (after all you don't want Joe Bloggs still having access to company records 6 months after he left).

Doing this can open a can of worms if not done correctly and with the backing of the board.

SimonD.

The real world is not about exam scores, it's about ability.

 
IT Policies are notoriously tricky to write and police. We've spent quite a lot of time devising ours, and while I can't copy them here I'll post the structure (index) we've used in the hope that it will be of use. You'll have to fill in the detail yourself!

SECTION A – MANDATORY CONTRACTUAL OBLIGATIONS
A1 Acquisition, Delivery and Installation of Software and Hardware
A2 Management and movement of Software and Hardware
A3 Disposal of Equipment
A4 E-mail and Attachments
A5 Security
A6 Data Protection and Privacy
A7 Equipment and Software Use and Auditing
A8 Corporate Intranet
A9 Support for non-[COMPANY] Employees
A10 Support for Home and Remote Users

SECTION B – WHAT STAFF SHOULD AND SHOULD NOT DO
B1 Management and movement of Software and Hardware
B2 E-mail and Attachments
B3 Security
B4 Equipment and Software Use and Auditing
B5 Backup/Maintenance
B6 Corporate Intranet

SECTION C – INFORMATION TO BE AWARE OF
C1 Acquisition, Delivery and Installation of Software and Hardware
C2 Management and movement of Software and Hardware
C3 Disposal of Equipment
C4 E-mail and Attachments
C5 Security
C6 Data Protection and Privacy
C6.1 CCTV
C6.2 Monitoring of Use of [COMPANY]’s IT Facilities
C6.3 Automatic Monitoring of Staff Communications
C7 Equipment and Software Use and Auditing
C8 Backup/Maintenance
C9 Disaster Recovery
C10 Support for non-[COMPANY] Employees
C11 Support for Home and Remote Users

hth
John


I've got a stepladder. It's nice, but I wish I knew my real ladder.
 
John,

That's a great post. Have a star.

Fee

"The cure for anything is salt water – sweat, tears, or the sea." Isak Dinesen
 
This will help, I started here and used information to create policies of my own.


Simon I agree as a System Admin. you should be following management direction. However this is a small company and I bet mspain does everything from wiring to implementing the new exchange server.

Gb0mb

........99.9% User Error........
Ubuntu -- African for I can't install Gentoo
 
SQLSister said:
An email policy is usually a good idea including what is acceptable content for email signatures (nothing religious or political for instance, some companies have a standard signature to ensure nothing unprofessional is sent out on signatures), also the policy on sending and receiving personal emails through the work email, the policies concerning sending spam (like chain emails).

Sounds familiar [smile]

One way to handle all disclaimers and signatures is with an app called eXclaimer that supplies boilerplate disclaimers and signature templates, with or without the corporate logo. It worked wonders for me.

Tony

Users helping Users...
 
Yeah Tony, I thought it might.

"NOTHING is more important in a database than integrity." ESquared
 