Many companies rely on IT to help run their businesses. For this reason, they often depend on a set of IT policies to ensure the productive,
appropriate, and legal use of IT resources. IT policies establish expectations and regulations for behavior related to company computers and
In addition, IT policies detail consequences for employees or customers in the event of a policy violation. The proper enforcement of IT
policies may also provide a basis for defence in the event of a lawsuit.
Here are six common IT policies to help protect your company:
1. Acceptable Use Policy
An acceptable use policy, or AUP, restricts use of a company’s network or services. AUPs prevent illegal activity, ensure security, and
safeguard the reputation of the company.
AUPs also outline the consequences of breaking the rules. A common penalty is restricted or permanent loss of access to the associated
network or service.
Privacy policies protect the personal information collected from a company’s customers and employees. Personal information includes anything
that can be used to identify an individual. Names, social security numbers, credit card numbers, email addresses, and even photos of
individuals are considered personal information.
Privacy policies typically document how personal information is collected, stored, used, and disposed of. Privacy policies may also disclose
when personal information is shared or sold to third parties.
3. Data Governance Policy
Data governance policies describe how data is managed as it passes through company systems. Specifically, these policies document how a
company makes sure that data is accessible and secure, as well as accurately collected and properly maintained.
Data governance policies also identify the people responsible for the quality and security of company data. They might also mention any
third parties that play a role in the company’s data management plans.
4. Disaster Recovery Policy
A disaster recovery policy outlines the broad requirements of a company’s disaster recovery plan. These policies identify critical data and
responsible departments or staff. They also specify allowable downtime, as well as how to ensure business continuity in the event of
Disaster recovery plans are usually created by senior IT staff. However, the specifics of data recovery plans are normally left to those
designing and executing the plan.
5. BYOD Policy
A BYOD policy, or Bring Your Own Device policy, is an IT policy that governs the use of personal mobile devices in the workplace. BYOD
policies are becoming increasingly important, with study after study showing the dramatic shift of personal mobile devices into the
Specifically, BYOD policies state the degree to which personal mobile devices are allowed within the workplace, what can be done with these
devices, and how the company will support them.
6. Social Media Policy
Social media policies govern employee use of social media both in and out of the workplace. These policies define how a company will manage
and monitor the online behavior of its employees. They also set forth any company expectations regarding the nature and tone of information
As a result, social media policies are sometimes perceived as repressive. However, they can actually empower employees by letting them know
what can and cannot be posted. Striking a balance between the needs of the company and employees is the key to a successful social media
If you’d like any further information, assistance around IT policies or you don’t know where to start please call us on 1300 478
email us atÂ Â firstname.lastname@example.org.