The Importance Of End-User Policies And Procedures Part VI
When you want to inform end users about what is acceptable and what is prohibited on your company’s network, you can use two documents. One is a general Acceptable Use policy; the other, dubbed the Network Usage Guidelines, is a more specific document that changes according to the current needs.
After a user reads and signs a contract stating that they have read and understood these documents and agree to keep themselves informed about changes to the Network Usage Guidelines, you can then issue users passwords and train them. Training, in this case, means a quick overview of the e-mail system, confirmation that users can actually get into their network folders, and a focus on what the usage policy means in practice. If users understand the reasons behind the decisions, they are apt to accept them more readily.
But what if you are introducing a new policy to an existing group of users? The first step in ensuring user buy-in is to make sure the policy is clear, understandable, and free of vague terms.
In Internet usage policies, for example, you do not want to use terms like “morally objectionable” when describing unacceptable types of downloads or browsing habits. That would leave the documentation open to interpretation, something you definitely do not want. You have to drill down as much as possible to define what you mean by terms like that. If you do not want users to download MP3s or file-sharing software, then say that. Avoid dictatorial wording. Phrases like “you WILL do this because…” can sabotage your efforts and make users less likely to adapt to the new rules.
If an employee knowingly breaks a policy rule once, begin with a strong reprimand. If the behavior continues, you are covered: you have a company-sanctioned Internet policy signed by that user that you can use as grounds for dismissal.

One Comment
mhz
May 8th, 2008
at 12:28pm
This is a good series. I posted a note back on article #2 saying how the ability to enforce these policies can come and go, in a sort of push/push back activity between IT management and the end user management.
It is notable that you are devoting a lot of words to making sure that your readers recognize the need to communicate their intentions, and allow for end-user feedback when deciding how/when to implement restrictions.
I think the cycle of push/push back in my organization really got started because of a lack of that kind of communication. Now it's in full swing, which makes the IT life more difficult, and also is bad for security, since users are now more apt to get what they want, even if it puts them and the organization in danger.
Reading your article today I realized that, if I were to jump up and leave for another company, I have all the technical tools/knowledge/abilities to set up and administer policies, etc. at a new site, but I don’t have the usage/guidelines end user education documents that should go with it. Thanks for treating this subject in depth.