Technology has become an integral part of our daily lives. As businesses and their employees rely more and more on information technology, the need for every business to have well-defined IT policies grows. IT professionals sometimes see policy as a waste of time, another example of bureaucracy run amok. Users often see IT policies as another restriction and big brother watching them. Neither is the case. The goal of strong IT policy is not to hinder anyone. Rather, policies protect a business' data and equipment and save time and money.
In the recent past, a business' worth was tied to physical assets like its factory and products in stock. Today, companies' intellectual property and business data are paramount. IT policies are needed to protect valuable data. IT administrators or end-users can unknowingly install malware or bring an infected computer onto your network. Without IT policies to restrict such actions, this malware can spread and delete your data or even steal it. Even without malware infections, your data could be deleted accidentally by staff. In cases like this, IT policies governing exactly who can access a directory and what folder permissions they have can make all the difference.
Your business' servers and desktop computers represent a sizeable investment and a large piece of the annual budget. Infrastructure and productivity equipment can be damaged by well-meaning staff if there is no IT policy governing usage. End-users, for example, sometimes like to tinker with desktops, printers, etc. to try to fix these items themselves rather than wait for assistance. IT policy telling users not to alter physical equipment in any way will fix this situation. Users can also damage their desktops with viruses and other malware. Policies are needed that both govern the sites they can visit and what kind of removable media that they are allowed to bring to the office.
Your users aren't the only staff that can damage hardware. IT staff can also harm equipment, and on a much greater scale. IT policy is needed to control what type of hardware and software alterations are allowed and how IT staff carries out these repairs. Change log guidelines and testing plans are integral to properly safeguard infrastructure equipment, and these can be controlled with IT policy.
Save Time and Money
A business' data and equipment aren't the only resources that need to be protected by IT policies. Leaving a network and its hardware unprotected by policy also results in staggering losses in productivity. Consider just one real-life example:
An employee bought a BlackBerry and had the salesperson at the phone store configure it to access company email through Outlook Web Access, storing his network password. Three months later the employee changed his password but didn't consider the BlackBerry. The handheld device tried several times to connect until it locked out his account. He called the helpdesk and their technician couldn't figure it out. The helpdesk tech escalated the work order to a systems administrator, who tracked server logs to find the source of the lockouts. Eventually the engineer was able attribute the lockout to the BlackBerry and worked with the guilty party to fix it. Think about the loss of man hours for two members of IT staff plus one employee, unable to work due to a locked account, and you can see where thorough IT policy to govern this type of issue is a must.
Business systems are constantly at risk, and IT policies are a great first step in protecting them. IT policies aren't just an IT issue; they are a whole-business issue. As companies increase their reliance on technology, they need to increase their policies and procedures as well if they want to protect their valuable resources.