Technology management is complex. Clearly defined policies provide clarity. Below is a list of some of the more common useful policies for Canadian organizations to help you manage technology, security and expectations.
You can set aside time to create or review these policies for your business on an annual basis.
Depending on whether you allow staff to use personal devices to access company and client data or enforce the best practice of having only company-owned computers touch company data, you may want to have some or all of these policies outlined in your company handbook.
It’s good practice to have all staff read each policy and provide a signed read receipt of understanding and agreement to uphold the policies. This can be a part of your new employee onboarding process.
New employees have a lot of information coming at them at once, and not all of it will be retained at once. As we learn in layers, reviewing the policies again during and at the completion of the probationary period can help new staff with awareness and adoption of these important policies.
Things change over time. We all forget details and would benefit from content refreshers. By holding quarterly or annual refresher meetings with your entire team, everyone can better understand important policies that protect your business.
If you prefer to minimize the number of meetings you hold, you can distribute the policies again and encourage staff to review asynchronously.
Remember to update and modify documents as needed.
Good Policies To Include In Your Policy Manual
The legal agreement defining the use of both personal and business cell phones to access company data or perform work functions. It should be documented, applied to every device, and in accordance with your compliance and security needs.
Staff Onboarding Policy
A set of procedures and policies which ensure that new employees effectively start with all the technologies needed to do their job. Should be customized by role, documented, followed, and refined with each new hire.
Staff Offboarding Policy
A set of procedures and policies which ensure that exiting team members leave the organization with no remaining access. Should be used for every staff member exit.
The specific set of procedures and policies used to configure all new computers for your organization. The aim is to ensure similar builds to reduce friction, ensure all applications needed for work are installed from day one, and ensure administrative access to install any other apps is removed.
Apps should be vetted by IT staff prior to installation to ensure they meet your organization's compliance needs and are in fact the authentic apps, not lookalike malware apps.
Your organization's approach to password enforcement, complexity, and management. A healthy password policy is established and defined in your company handbook and is implemented.
To improve password security, you can use a self-hosted password manager to reduce your risk and attack surface. We like Bitwarden.
You can also improve security with passwordless access using Single Sign-On across the software and apps your team uses the most. We do this for our Toronto Managed IT Services clients. Talk to us about IT management for your organization.
Acceptable Use Policy
A set of policies dictating appropriate use of company equipment, accounts, services and systems. High-risk websites such as many social, entertainment and dating sites should never be accessed from company devices, even if using a personal login.
Social Media Policy
The legal policy addressing modern social media account activity as it relates to your organization, typically defined in a company handbook.
Employee Monitoring Policy
Canadian organizations with over 25 employees may now be subject to legal requirements to disclose to employees if they are being monitored during work, and in what ways. Review your requirements and create a policy to share with staff and new hires.
Secondary Employment Disclosure Policy
With the rise of work from home, reports of staff working two jobs simultaneously have risen. You may wish to update your HR policies with clauses pertaining to a need for employees to disclose potential secondary employment so that your organization can assess risk, conflicts of interest, protected information etc.
e-Transfer / Wire Transfer Protocol
If e-transfers or wire transfers are used, the process should be documented, require authorization by multiple staff members and be regularly used. Fraud in which false invoices and purchase orders are used to steal money from businesses is on the rise.
The set of policies and processes used to handle breaches, data leaks, financial fraud via cybercrime etc. Should be documented, well-defined, validated by a legal professional and reviewed regularly with all staff so they know what to do in the event of a breach.
Schedule time to create or update your policies to help protect your business. Share and discuss them with your team so that everyone can be a part of the solution.
For Comprehensive IT Services that include modern security and standardized practices for all the technology-based policies outlined above, speak to our team here at TUCU today. We help Toronto-based businesses with IT Security Management.