IT Policies for Employee Handbook
Computer Sciences and Information Technology
Executive Summary
Red Clay Renovations is a large rehabilitation and renovations firm that has been in existence since 1991. Due to the increased demand among homeowners to modernize their houses technologically, Red Clay has taken the initiative to include IoT to make homes “smart.” This company is privately owned within the city of Delaware and has invested a lot of effort to ensure that the firm remains compliant with the rules and laws of the state. However, it has come to the attention of the Chief Executive Officer that the Employee Handbook could use some updates to further improve how employees execute their tasks and remain compliant with company policies. The company’s corporate counsel thought it best to review the sections within the Handbook that seem to be insufficient. The Chief of Staff, under direct orders from the CEO, has overseen the drafts that have been made to propose the updates for the Employee Handbook. The areas covered included the Acceptable Use Policy for Information Technology, the Bring Your Own Device Policy, and the Digital Media Sanitization, Reuse, & Destruction Policy. Each of the topics has been analyzed to show the employee obligations and responsibilities, the penalties for going against the commitments, and who is to take responsibility for overseeing that the policy is met. It is the departments’ belief that these enhancements within the systems will enable the Information Technology element to be covered when it comes to compliance and cybersecurity.
Acceptable Use Policy for Information Technology
The increased use of technological devices may pose a threat to Red Clay Renovations since different kinds of ethical risks can crop up. Information Technology is a relatively recent development, but the speed at which it is growing makes it relevant for firms to consider the possible ethical problems that may be related to its use. People need supervision and direction when interacting with I.T. devices so that they avoid habits of abuse (Reynolds, 2018). An Acceptable Use Policy (AUP) is a document that states what is expected from users who interact with the company’s computing and networking system.
Employee obligations and responsibilities
Employees are expected to read the AUP document thoroughly before they sign it (Johnson, 2014). Their signature will mean that they accept the terms and conditions related to the use of the technological infrastructure within the organization.
Penalties for violations of the policy
Any employee found in violation of the acceptable behavior when using company computers and network systems may face suspension. In the case of extreme violations, the employee may face termination.
Who is responsible for compliance enforcement?
The Information Security Group of the company will be responsible for monitoring the AUP. They will be in charge of determining who is compliant and who is not. The legal and human resource departments will be in charge of finalizing the draft of the AUP.
Bring Your Own Device Policy
Many firms accept BYOD programs, including Red Clay Renovations. Due to the wide range of devices, including tablets, mobile phones, and laptops, companies find it efficient to allow their employees to use whichever they feel more comfortable with (Sammons, 2017). This helps reduce the costs companies would incur if they had to buy the devices themselves. However, a policy that governs these external devices is crucial to protect company data.
Employee obligations and responsibilities
Employees are expected to take the devices that they intend to use within the scope of the working environment to the I.T. department. The I.T. department will then configure the BYOD system on their phones. Any device that is considered non-compliant should be left at the entrance and picked up after working hours. Under no circumstances should an employee possess a non-compliant device at their work station.
Penalties for violations of the policy
Employees found to violate the BYOD policies will most likely face termination since the company is protective of its data. If the employee is found in possession of company data within the device, they will face litigation and termination. Not only company secrets but also fellow employee data are within the list of data to be considered. Individual profiles will be considered as company profiles as well, and those found in possession of them will be considered to be in violation and will face suspension.
Who is responsible for compliance enforcement?
The Data Administrator is in charge of the management of BYOD. They will be responsible for promoting data collection strategies, enforcing data policies, and modeling standards and procedures (Keyes, 2016). The systems in place that concern the BYOD must reflect the business management requirements of the organization.
Digital Media Sanitization, Reuse, & Destruction Policy
The purpose of this policy is to ensure that an organization is aware of the appropriate sanitization, reuse, and destruction of any digital media. Sanitization and destruction ensure that the data on any storage device is cleared off to the extent that it is not possible to reconstruct it to a usable point (NHS, 2019). Reuse is vital in cutting costs since digital data is expensive. Threats such as data leaks could cost a firm millions of dollars or their reputation. Data privacy laws should be upheld, and the firm will experience a breach of such if there is a leak in company or individual profiles.
Employee obligations and responsibilities
Employees are expected to adhere to sanitization, reuse, and destruction protocols as advised by management. One should be careful over how they use data they want to reuse, following clear sanitization and disposal policies (Cobb, 2010). Sanitization and destruction may be done through erasing, shredding, or overwriting digital media.
Penalties for violations of the policy
Any employee found in breach of the acceptable digital media protocol when using company computers and network systems will face suspension. Going against the stated obligations could result in possible cyber threats and put the firm at risk of losing control over the company’s organizational assets.
Who is responsible for compliance enforcement?
The I.T. Supervisor will oversee the operations of corporate I.T. departments to ensure that the policy is enforced. He/she will install and maintain the required programs for destruction and sanitization. He/she will ensure that the existing technology is upgraded to keep up with current advances. This will give the firm leverage over competitors who may use reassembling software to reconstruct destroyed data. He/she will also ensure that any required data for reuse is recovered using the appropriate means.
Conclusion
In conclusion, updated I.T. policies within the Red Clay Renovations company’s Employee Handbook will ensure that the concerned parties are aware of what is required of them when it comes to matters of Use, BYOD, and Disposal. With these specific responsibilities and penalties in case of violations, it should be possible to control the actions of the employees and limit cybersecurity threats.
References
Cobb, M. (2010). Prevent data leakage with secure media reuse policies. Retrieved 1 September 2019, from https://www.computerweekly.com/tip/Prevent-data-leakage-with-secure-media-reuse-policies
Johnson, R. (2014). Security policies and implementation issues (p. 46). Jones & Bartlett Publishers.
Keyes, J. (2016). Bring Your Own Devices (BYOD) Survival Guide (p. 170). CRC Press.
NHS. (2019). Sanitisation, reuse, disposal and destruction of electronic media: good practice guide – NHS Digital. Retrieved 1 September 2019, from https://digital.nhs.uk/services/data-and-cyber-security-protecting-information-and-data-in-health-and-care/cyber-and-data-security-policy-and-good-practice-in-health-and-care/sanitisation-reuse-disposal-and-destruction-of-electronic-media-guidance-for-health-and-care-organisations/sanitisation-reuse-disposal-and-destruction-of-electronic-media-good-practice-guide
Reynolds, G. (2018). Ethics in Information Technology (pp. 66-67). Cengage Learning.
Sammons, J., & Cross, M. (2017). The basics of cyber safety (p. 17). Amsterdam: Syngress.