Why you need to revisit your IT policies

Featured Content

This article is courtesy of TechRepublic Premium. For more content like this, as well as a full library of ebooks and whitepapers, sign up for Premium today. Read more about it here.

This article is courtesy of TechRepublic Premium. For more content like this, as well as a full library of ebooks and whitepapers, sign up for Premium today. Read more about it here.

Join Today

Rather than thinking of policies in terms of preempting bad behavior, think of them as providing guidance that helps employees work more effectively.

Senior man hands on laptop closeup

Image: Getty Images/iStockphoto

I'm writing this as some countries and US states begin to reopen for business to varying degrees as quarantine and stay-at-home restrictions are gradually being removed. Regardless of whether your company is returning to work or still developing its post-pandemic plan, hopefully you, and your teams are shifting from panic mode in response to the early stages of the pandemic, to a more future-focused mindset, where we have the luxury of considered planning rather than responding to events reactively as they unfold.

Part of that proactive planning should be adjustments to your IT policies. These documents are often forgotten until they're most needed, and the recent rushed transition from office work to remote work likely highlighted this condition. In the rushed transition, imagine how helpful it would have been to have some basic policy guidance on what equipment is supported for remote work, what items are reimbursable and where they can be sourced, and which software was recommended. If nothing else, some simple policies and guidance around these topics probably would have saved your already-stretched support staff dozens of phone calls and emails.

SEE: Business continuity policy (TechRepublic Premium)

Perhaps you did have several policies related to remote working in place pre-COVID-19 that were ultimately abandoned in the midst of the crisis or contributed more to confusing employees rather than helping them. Your organization may have been one of the hundreds with policies explicitly prohibiting remote work or disallowing the use of any personal devices, restrictions that were quickly abandoned in the heat of battle to get people working.

Enjoying this article?

Download this article and thousands of whitepapers and ebooks from our Premium library. Enjoy expert IT analyst briefings and access to the top IT professionals, all in an ad-free experience.

Join Premium Today

In both of these cases, any formal policies were essentially replaced with "wartime guidelines" that were improvised to accommodate a rapidly changing environment. There's absolutely nothing wrong with this improvisation in the heat of battle; however, with some relative calm there are two dangers to not revisiting your policies:

  1. The creativity and flexibility in responding to crisis often creates some great ideas and lessons forged in a time of crisis. Many of these hard-won lessons are worth capturing in long-term policies.
  2. There's a longer-term danger of creating an environment with no policies, where each decision is made in a vacuum without thoughtful guidance.

SEE: Telecommuting policy  (TechRepublic Premium)

Policy at its finest

At their best, policies provide guidance based on organizational priorities and experience, and at their worst, they are an extensive list of "Thou Shalt Nots" that assume your colleagues are nefarious scallywags one step away from destroying the organization should you not be there to preempt each of their misguided notions. Many employees dislike policy documents since they bias toward the latter, and unsurprisingly when you treat your colleagues like children and scoundrels, they'll rise to the occasion.

Rather than thinking through your policies in terms of preempting bad behavior, think of them as providing guidance that helps them work more effectively.

SEE: Home usage of company-owned equipment policy (TechRepublic Premium)

With that overarching objective in place, consider a three-phased refresh of your IT policies as part of your post-pandemic recovery planning:

  • Capture all the "wartime" policies, formal and informal, that proved beneficial and could inform your long-term policies and procedures.
  • Create a set of interim policies that support a return to work and have a defined "expiration date." These policies should support the transition back to a more stable working environment and help employees understand the "rules of the road," whether they continue to work remotely or return to an office. These new policies should also clarify what to expect in terms of technology support as well as unfamiliar areas like sanitation and cleaning of devices and workspaces.
  • Plan your long-term policy updates. Nearly every organization has updates to its remote working and crisis management policies based on the COVID-19 experience, and it would frankly be a shame to lose what we've learned and can apply whether the next pandemic-like crisis happens tomorrow or in ten years.

SEE: Remote access policy (TechRepublic Premium)

Build the policy dream team

Getting the right team involved with creating your policy updates can be just as important as the updates themselves. With an overarching objective in place, gather a team from across the organization to help develop and vet your new policy documents. Consider whether policies developed and issued by a nameless, faceless administrator will be better received than policies developed by a working group of people who will actually be impacted by the policies. Particularly for policies around remote work and other areas that directly and frequently impact employees, gather a working group to develop the policies that will bring great ideas, and a legitimacy that the policies are truly created with employees' best interests in mind.

Join Premium Today