Social Enterprise

Policy creation often falls on IT leadership

With social networking policies becoming the bailiwick of IT in small to medium-sized companies, IT leaders may need some help.

A TechRepublic member recently wrote to me with a common complaint -- his IT department has historically been tasked with creating policies to guide employee behavior when it comes to use of equipment (security policy, software installation policy). But with social networking and blogs, things have gotten more complicated.

Employees have the means to put any thought or data out there for the world to see. And because the line between work and private life has become more blurred with mobile devices, what they're saying and where they're saying it can cause a company quite a few headaches.

Every company now needs policy guidelines as to what an employee can and cannot say on a social media platform, but as stated in this stealthmode blog, "it's when we get into the employee guidelines for social media that we can get into trouble in the enterprise."

Some companies are large enough to foist the task of creating policies off on the Legal Department. But small- to medium-sized companies don't have that luxury. The TechRepublic member who wrote to me asked if I knew of any free or cheap resources for creating social networking policies.

We have a sample of a simple social networking policy located here for free. I did some research online and found one product that contains about 20 policy templates specific to social networking, including a policy for Facebook use, one for LinkedIn use, one for corporate or personal blogging, etc. There are also some PowerPoint presentations scattered in for IT pros to use to introduce the policies to end users. You can click here for more information on what is included and how much it costs.

About

Toni Bowers is Managing Editor of TechRepublic and is the award-winning blogger of the Career Management blog. She has edited newsletters, books, and web sites pertaining to software, IT career, and IT management issues.

11 comments
advocate
advocate

You have a broken link to the social networking policy.

Jonb123456
Jonb123456

I tried both links to additional resources and both are broken. Would you please repost the links. Thank you.

rldinwiddie
rldinwiddie

I don't understand why someone in IT would complain about having this responsibility. As an IT Director, I WANT to write the policy. Why? A couple of reasons jump to mind: 1) Who is better qualified to know and understand the threats facing your company & employee's and the best methods - or policies - to protect them? and 2) I'm the one that's going to be held responsible for implementing the defenses to help enforce the policy (yes, I totally agree it's the responsibility of ALL managers to enforce it, but who has to implement the web restrictions, access rights, etc? ME and my staff), therefore, I want to make sure the policy is doable, logical, and complete. Thank you for the links (hopefully fixed by now) to sites that can help the inexperienced policy writers (also something for us "old-timers" to read and get some ideas from).

gsitton
gsitton

Agree that I.T. should be part of creating this, however it's the business that should also be driving it. Most in the I.T. department will only look at things that effect bandwitdth, virus etc and we will base the policy on that. Where these types of policy is based on business requirments like sharing of confidential information, how to promote the comapny and show a good face for the company etc. We need to be apart of it but not the ones driving it.

yurig
yurig

Why does it seem that with the introduction of new technology a new policy has to be introduced? Don't organisations have a staff code of conduct that applies to all activities related to the relationship between the employer and the employee. As many other IT departments we were asked to introduce a social network policy, but after a few debates and adjustment to the code of conduct was all we needed.

GibsonCRG
GibsonCRG

rldinwiddie has it exactly right - I would not want anyone but IT to create this policy. While legal guidance is helpful to ensure that all the appropriate areas are touched on, I shudder to think of what a non-IT pro could come up with (which IT would then be tasked with--probably unsuccessfully--implementing). Policy creation is also something that any seasoned IT manager should have under their belt - and is something I can't imagine any executive-level IT pro wouldn't have done dozens of times already in their career.

alistair.k
alistair.k

IT is not the corporate policy police. This is really HR's job... You can write any policy you like but if you can't discipline someone (or fire them) for not following it then you may as well save the paper. IT isn't about firing people or behaviour guidelines. Its not IT's job to be a stand-in legal department. If the company doesn't have in house legal people then they need to buy in that service from a legal professional. IT should be involved because we have the technology knowledge but when you are starting to police what staff do on their own time on their own equipment? Where is the IT Department in that?

Editor's Picks