Businesses that use computers, email, internet, and software on a regular basis should have IT policies in place. Employees need to know what's expected of them when using technology provided by their employer
Companies need to protect themselves by having policies to control: personal internet and email usage, security, software and hardware inventory and data retention. Without written policies, there are no standards to hold your staff accountable.
So, what IT policies should every company should have?
Acceptable Use of Technology: Guidelines for the use of computers, telephones, internet, email, and voicemail and the consequences for misuse.
Security: Guidelines for passwords, levels of access to the network, virus protection, confidentiality, and the usage of data.
Disaster Recovery: Guidelines for data recovery in the event of a disaster, and data backup methods.
Technology Standards: Guidelines to determine the type of software, hardware, and systems will be purchased and used at the company, including those that are prohibited (for example, instant messenger or mp3 music download software).
Network Set up and Documentation: Guidelines regarding how the network is configured, how to add new employees to the network, permission levels for employees, and licensing of software.
IT Services: Guidelines to determine how technology needs and problems will be addressed, who in the organization is responsible for employee technical support, maintenance, installation, and long-term technology planning.
Having policies and procedures simply for the sake of saying you have them is useless. Polices need to be relevant, maintained and enforced. Forrester, an independent technology research company, estimates that the average company (yes, even small ones) loses $1,250 per minute of downtime. If you are hit with a major disaster and have no recovery or backup policy in place, you could lose valuable time, money and even your business.