We use cookies on the site to improve our service. By clicking any link you are giving consent for use of cookies. Click here for more information
Personal
Business
2
staff-policies

Staff Policies

When employees have access to the internet at work, there are serious risks involved. They can download viruses, create legal liabilities, gain unauthorised access to critical information and, potentially, leak it. There is also potential for considerable timewasting and lost productivity. Good technical security and staff training can help. Good staff policies are also essential because they make it very clear what is acceptable and what is not.

This page presents an overview of the key issues. You should consider seeking professional advice in drafting staff policies and changes to employee contracts. It is also worth obtaining advice about how to introduce new policies to staff and combine them with a training programme.

What to Include in an Acceptable Usage Policy

  • When private internet use is acceptable.
  • What kinds of material are off limits.
  • How confidential information should be treated.
  • Use and care of company property such as laptops.
  • Rules about remote access to the company network.
  • Guidelines about installation of programs and software piracy.
  • Security guidelines such as the use and safeguarding of strong passwords.
  • A ban on sharing and downloading copyrighted material.
  • Details of any monitoring activity you will undertake, if any.
  • The consequences of breaching the policy.

What to Include in an email Policy

  • Disclaimers on emails (for example “The contents of this email are intended for the recipient only. If you have received it in error, please delete…”).
  • Whether a manager’s sign off is required for access to and content of external email.
  • Additional guidelines, if appropriate, relating to the Data Protection Act; email and distance selling legislation and libel laws.
  • How to handle confidential information when sent by email, including whether or not email is the appropriate communication channel and whether it should be encrypted.

How to Prepare and Implement a Policy

  • Establish the risks.
  • Undergo any necessary consultation on the proposed policies to ensure practicality and legality.
  • Strike a balance between practicality, trust and control. 
  • If you use an off-the-shelf policy, make sure that it applies to your circumstances and that it is easy to understand. Make changes and simplify where necessary.
  • Include new policies in staff handbooks, the new employee induction programme and, where appropriate, on the company intranet.
  • Ensure parity with disciplinary procedures, employee contracts and other policies such as non-discrimination.
  • Circulate the policy once it is finalised and ensure that it is readily available.
  • Someone in the company should be responsible for implementing and monitoring the policy.
  • Review the policy regularly to ensure it is always current and relevant.

Further Information

View and download a sample Acceptable Usage Policy.

 

See also...

 

Business Security Plan
Why security planning is important, and what to include.

Staff Training
Make sure all employees are correctly trained in security awareness.