Documents and LegaleseComputer Use Policy, Internet Policy, Computer Compliance Policy or even Email Policy – call it by many names, but the Electronic Communications Policy remains universally important to the employer and employee alike.

Here’s why.

What is an Electornic Communications Policy?

An electronic communications policy is essentially a document that stipulates fair use of company computers and infrastructure for employees. With the Internet being so prevalent today means are needed to manage how people in a workplace interact with it.

Among other things an Electronic Communications Policy stipulates what is the Email Policy for the company – are employees allowed to receive personal mails on work email adresses, for instance. It stipulates the Internet Policy – which sites are allowed to be viewed and when. Importantly it also contains the Computer Policy – what programs are to be installed on company computers, what is fair use for company computers – can the receptionist print out party invitations on the company printers?

The WRONG way of doing this.

In my work I interact with companies, and their IT nightmares, on a weekly basis. All too often an office manager or company owner will call me in a huff demanding to know where their Internet cap has gone. Once it is established that an ISP can not necessarily provide him with detailed usage statistics for every computer on his network he demands that we provide him with a way to monitor employees.

Enter the proxy server. We install a proxy server and now we are pestered on an hourly (no kidding – many clients are that insistent) basis to find out where the Internet traffic goes. Once it is established that our Napoleon can wield the sword of fear “I can see exactly what you are doing, Greg!” some poor soul gets drawn and quartered in a staff meeting “…*ahem*, and the Proxy server told me that _some_ of you have been spending a lot of time on Facebook, Daniel, and that simply will not be tolerated…”

This is not effective management, this is fear mongering and useless because Napoleon and all others like him are sorely missing the point.

More than a weapon for disciplinary procedures.

What narrow minded managers like our example above fail to recognize is that Internet management is just one small part of keeping your network safe and restricting Information Technology headaches. The moment someone comes in from the outside and plonks an infected Flash Drive on that same managers desk all hell can break loose. I have seen a virus bring a network to its knees in hours.

A well written and professionally prepared Electronic Communications Policy is more than just compliance management. It is more than a way to monitor employees. It is not a weapon to be wielded in disciplinary procedures.

An Electronic Communications Policy benefits employees, and management. It is a tool to stipulate fair use of company resources, and it is a safeguard for employees.

A simple statement in an ECP that says something along the lines of “Do not click on links in e-mail” or “All flash drives are to be scanned by the IT department before certified for use in the company” can avoid a lot of headaches.

And while these might be imperfect examples the idea remains sound.

Some Examples

Normally in an ECP you will see guidelines for the following among others:

  • Stipulations on what constitutes proper Internet Use and what constitutes abuse.
  • A whitelist (or blacklist) of allowed or disallowed websites.
  • Guidelines on e-mail use.
  • Rules pertaining to personal storage – flash drives, music players and external harddrives.
  • A stipulation on what programs are installed on company computers. This is normaly an absolute list, ONLY these programs and nothing else. Very useful for standardization.

I have seen companies where an Electronic Communications Policy has been utilized as a pro-active tool rather than a re-active weapon. Many of these eschew monitoring tools like proxy servers altogether, and money and time is saved in the process.

The RIGHT way of doing it.

Get a professional to draw up the document for you. Preferably someone with experience in both IT and labour law. Having worked in HR for a stint (long story…) I learned that in South Africa under our Labour Relations Act employers cannot simply introduce new conditions of employment or compliance policies to current employees. You will need help with the legalese to make sure both the employer and employee’s rights are looked after.

There are legal limitations to be considered with regards to employee email monitoring, for instance.

A good Electronic Communications Policy will serve not only as a guide to the users, but also serve as protection for the employer when one of the employees misbehave. Trust me, it is easier to deal with someone who downloaded the latest Iron Man torrent when you have a proper ECP in place, and it is also easier to deal with an angry Internet Service Provider when they complain about misuse of the Internet on their network. Chances are that you signed something similar to an Electronic Communications Policy (sometimes referred to as a “Fair Use” policy by Internet Service Providers) when you had your Internet connected.

Summary.

Remember, you do not want to build a gaol. You want to provide guidelines for your staff that will help them to be good responsible computer users. The direct result of this will be that you have less headaches, and spend less resources on policing a broken system.

No related posts.