Courtesy navigation

IT policy FAQs

Eight FAQs on IT policies.

  1. Why does my business need an IT policy?
  2. How can IT policies benefit my staff?
  3. Which areas should my IT policy cover?
  4. How many policies do I need?
  5. How do I write a policy?
  6. Where can I get help to write my policy?
  7. How do I implement an IT policy?
  8. How can I make sure my policy remains relevant?

1. Why does my business need an IT policy?

Like any other effective employment policy, it removes ambiguity over what is expected of your employees during working hours.

Setting boundaries can help maximise productivity by making sure staff are doing what they should be doing, when they should be doing it. Sound IT policies can also protect your customers and ensure your business doesn’t end up in court and out of pocket as a result of illegal acts by your employees.

Policies can also help safeguard your business in other ways - for example, by protecting your data and intellectual property.  

Back to top

2. How can IT policies benefit my staff?

Having clear rules about use of IT in your business means employees will know what they can and can’t do. This should minimise the risk of problems which could lead to disciplinary action or dismissal.

On an everyday level, the growth in the popularity of the internet - and particularly social networking websites - means many employers have had to write or update their IT policies to provide guidance.  

Back to top

3. Which areas should my IT policy cover?

It depends on the nature of your business and the scale and complexity of your IT. You might store information about your customers, in which case your policy will need to ensure employees observe data protection rules.

As another example, you might have to manage employees who work from home or who use one of your laptops when visiting clients. IT policies usually offer clear guidance on these areas:

Back to top

4. How many policies do I need?

Again, it depends on the nature of your business. Smaller businesses with basic IT usage could go for one catch-all policy that conveniently and succinctly covers off all major requirements.

However, should your needs be more complex, several detailed policies might be required. Whatever you choose, the language should be concise, direct and easy for employees to understand – that’s the whole point.

Back to top

5. So how do I write a policy?

Begin by carrying out a risk assessment. Looking at what could go wrong enables you to think about preventative steps. If feasible or necessary, speak to your employees when carrying out research; then you might have a better chance of gaining their support for the resulting policy.

Be sure to explain why having an IT policy is a good thing both for your business and for them. Your research might even uncover better ways to do things.

Create a first draft of your policy and then try to read it through from your employees’ perspective. Seek a second opinion from someone you trust who is qualified to give one (like another senior manager with people-management experience).

Crucially, your policy should be comprehensive enough, leaving no room for doubt. It should clearly explain what is not permitted and why, and set out the likely consequences if your policy isn’t observed.

Back to top

6. Where can I get help to write my policy?

You might not have the time, inclination or knowledge to research and write your own employment policies. Don’t worry - an HR consultant might be able to provide a cost-efficient solution that is fully tailored to your circumstances.

Acas provides advice on how to write a social networking policy. Free, example employment policies are available to download, but the quality and reliability of such documents can vary, so be warned.

Back to top

7. How do I implement an IT policy?

You’ll stand a much better chance if your employees understand why you are implementing it (to protect both parties).

It’s not enough simply to distribute hard-copy documents or email them to employees; you’ve no guarantees they will be read and this could be used as a defence. It’s better to call a short staff meeting to explain why the policy is being introduced and talk through its key requirements.

Where possible, use everyday examples to illustrate points and invite questions if anyone is unsure. Leave a copy of the policy permanently in a place that is accessible to all. As soon as they join, issue all new staff with hard and electronic copies of your policies for future reference.

Back to top

8. How can I make sure my policy remains relevant?

Annual reviews can be effective, because things change. Policies can be quickly updated, but make sure your staff are made aware of all changes and explain why they are necessary.

Also invite your staff to feedback with any problems they encounter while working with your policy. It may not be as ‘black and white’ as you’d hoped, so you might need to make changes to update your policy or make it more workable in practice.

Back to top

More about IT policies

Find more articles, videos and tools on your IT policies in the Resources box on the right.