Most organizations adopted a “wartime footing” of sorts during the COVID-19 crisis. Actions that would have seemed unfathomable, like buying technology from Amazon.com, or connecting your kid’s laptop to company technology resources, were allowed and even encouraged in order to quickly get people working productively.
We’re now moving out of this period of improvisation and into a transitional period back toward some semblance of normalcy. During this period, it’s important to capture what was learned in the crisis response period, as well as establish time-bound, transitional policies that provide guidance and assistance to employees who are navigating yet more uncharted territory as they return to work.
SEE: Disaster recovery and business continuity plan (TechRepublic Premium)
Capture the good stuff
With everyone working toward a singular objective, and allowed nearly unfettered creativity, there likely were some great processes and procedures developed by your teams during the initial COVID-19 response. Previously unfathomable actions, like allowing people to procure their own hardware through consumer channels, were tested and might even have been found superior to the old way of doing things.
Is it really optimal to have six people touch and approve a purchase order for a $200 monitor, spending a few dozen hours across several employees to get the approved device to the end user, versus allowing the employee to wield their corporate card and source one that arrives at their doorstep in 48 hours with nary a moment spent by your staff approving and issuing POs? Perhaps breaking out of your 2010-vintage SharePoint site and into a hastily provisioned Microsoft Teams or Slack installation has changed the way groups collaborate, creating a benefit that far outweighed the perceived risks of cloud-based shadow IT.
In cases like these, returning to a restrictive policy will likely be difficult, especially if the COVID-driven exception to the rules resulted in a vastly superior experience for end users, without any dire negative consequences. These policy exceptions may prove to your leadership that previous standards around controls and restrictions simply aren’t worth the reduced productivity that newer tools and processes allow. Capture the new ways of working that should be “enshrined” as policy so you can provide guidance and support, and also put guardrails on what’s acceptable and what’s not.
SEE: IT hardware procurement policy (TechRepublic Premium)
Start with the person, and identify policy gaps
In the post-pandemic recovery period, there are likely to be major gaps in your current and “wartime” policies. Topics like workspace cleaning, how IT service visits will be executed, and how hardware will be physically cleaned are likely areas that haven’t been given much thought in the past. While these topics may seem like a second-order priority to someone with a technology focus, they’re critically important, as the human factor of how we return to work is perhaps even more important than the technical factor.
Simply having published policies about how hardware is cleaned after being serviced by your IT staff demonstrates to workers that you’re taking a thoughtful approach to getting people back to work and incorporating their personal safety into their planning. Involving the affected individuals will also aid this process. Call a few colleagues and ask what kind of support they’d expect from IT going forward, and how things like walk-up desks, or in-person visits from support technicians should change to ensure they’re comfortable.
Rather than implementing new policies solely through published documents that read like an extended version of the Ten Commandments, look for simple ways to implement new policies. If you use electronic or paper checklists, add items to support sanitization procedures. Putting bottles of cleaning products and signage with a simple statement like “Did you clean it?” at your walk-up support will likely be more effective than yet another emailed document admonishing the recipient to read, understand, and recall the content.
SEE: Computer Equipment Disposal policy (TechRepublic Premium)
Time-box your interim policies
Most policies are fired into the world with a degree of fanfare, and then forgotten until someone breaks the rules or finds a dusty, irrelevant document that is in dire need of an update. Particularly for policies covering new ground, whether it’s cleaning or using new cloud tools, set an expiration date and schedule time in three to six months to review. You’ll likely have learned even more about whether the policy is effective or needs to be modified, and this regular process of updating and evolving policies makes them a more effective tool.
As an employee, a policy that’s current, easy to understand, and ultimately designed to help me do my job more effectively becomes a helpful job aid, rather than a draconian list of all the things I’m not allowed to do. Strive for this standard, and policies become an enabler and productivity booster rather than yet another aspect of never-ending administrivia.
SEE: Server migration checklist (TechRepublic Premium)