December 2, 2003

While the term “corporate IT policy” sounds very fancy, it’s nothing but a broad set of rules that you should define to manage your IT infrastructure. They’re like any other set of dos and don’ts you would have defined for your employees. Since every organization has its own specific set of rules, it’s not possible to draft a common IT policy that fits everyone’s requirements.

Therefore, we’ll take up some key areas in IT, and give a few rules that you may want to use. These should define what employees are allowed to do and what is out of bounds, reduce misuse of company resources, optimize resource utilization, protect the organization against risk of legal liability, and help create a safer work environment. These general guidelines should be given to each employee at the time of joining.

System usage:
- Don’t give out your password to anyone, including the system administrator. It’s your own and should be guarded carefully
- Don’t install any extra software on your system from external sources such as the Internet, or your personal CDs and floppies. This could have malicious code that could destroy data on your system, or even spread to other systems on the network
- If you find a problem with your PC, don’t try to fix it yourself. Call the support staff and lodge a complaint
- Shut down your system when you’re leaving for the day to save power
- You’ve been given a user account and password to log in to the file server. Change your password periodically. Don’t make your password easy to guess, such as your initials, your wife’s, kids’ or girlfriend’s name
- Don’t store your personal data such as family photos, songs or videos in your home directory on the file server
- In case you need to share files with somebody else on the network, don’t send them by e-mail or share your directory. Put them in the common folder on the file server, and ask the recipient to delete them after taking them
- Don’t leave critical documents in the common folder of the file server

Internet usage:
- Use of public IMs such as Yahoo and MSN is strictly prohibited (or permitted)
- Don’t download unnecessary software, songs or videos. These take up significant Internet bandwidth
- Use of public e-mail services such as Hotmail and Yahoo is not allowed
- Installing software such as Kazaa and download accelerators is not allowed
- Don’t visit objectionable Web sites containing bad language and pornography. Web site access is monitored centrally, and anyone found to be doing so would be sent a warning
- Visiting casual Web sites is not permitted during office hours

E-mail Usage:
- While everyone likes to read a good joke once in a while, please don’t make it a habit. Avoid sending jokes to huge mailing lists
- If you get a mail that’s been forwarded to a long list, don’t hit the ‘Reply All’ button if you only need to inform the sender
- Avoid sending huge attachments in e-mail, unless it’s official. Also, even if it’s official, avoid sending it to a colleague in the same office. If you must send a mail, then save the attachment on the file server and send a plain mail intimating the recipient to pick it up
- Avoid subscribing to many news sites on the Web with your official mail id. These are a major cause of spam
- Don’t reply to any spam mail, even if it gives instructions to do so. This will actually confirm your presence to the spammer and you could be spammed even more
- Be wary of opening e-mail attachments, unless you’re sure that they’re from a reliable source, and that you were expecting them. If necessary, call up the sender to check

Network Usage:
- In case your system is not able to access the network, don’t try to tamper with the network settings and cables. Call the support staff instead
- Trying to access areas that you’re not authorized to access is strictly prohibited, and could have legal implications if you’re caught doing it
- Don’t send unnecessary traffic on the network, such as chain mails


They are nothing but a set of rules that define how your IT infrastructure should be used, so don’t get caught in the jargon 
Identify a set of general guidelines and policies for specific areas such as Internet, e-mail, network, and desktop usage 
Communicate to the employees what they’re allowed to do and what is out of bounds 

Specific policies
Besides the general rules, you may want to create specific acceptable usage policies (AUP) for various areas, such as those we just mentioned. In each document, define the policy’s purpose, scope, who it applies to, and the specific points. For instance, the scope for e-mail AUP could include all e-mail related to the company that’s on servers, workstations and personal laptops. It could cover e-mail of all employees, contractors and any other associates on equipment that is owned by and is in the jurisdiction of the company. The specific points in the policy could cover ownership of all e-mail, authorized usage, user accountability, message monitoring and privacy, mail forwarding and purging. Points for Internet access could be on proxy and cache, content filtering, monitoring and instant messengers.

Since both Internet and e-mail are a must for every organization today, they can be a boon if used for business purpose or research. However, they can prove to be the exact opposite if misused. Your Internet bandwidth could be choked, thereby reducing employee productivity. Getting into some finer points, if you allow the use of public IMs for instance, then perhaps you should allow only a single type of IM, such as Yahoo or MSN. If you have already allotted corporate e-mail ids, then you may want to restrict access to free e-mail sites.

Lastly, keep in mind that rules are a way to improve your general working environment, and this should be made clear to the employees.
