Policies to keep IT under control

No matter how much freedom you give your staff, it's important to retain some control over how technology is used in your business. Because when you have control, you can be confident.

You can be confident staff aren't wasting time. You can be confident you comply with data protection laws. And you can be confident you have a proper structure within which your business technology operates.
Your IT policies help establish this structure. They describe how technology should be used in your business, so your employees know what is and isn't allowed.

In short: they protect your company and your staff.
Get started with IT policies

Your IT policies don't need to run to hundreds of pages or contain complicated legalese. They just need to cover the essentials and be easily understood by your employees.

In fact, short and sweet beats long and detailed every time. IT policies should be documents your employees can read, understand and put into practice.

To help you create key IT policies for your business, we've created some free templates. Download them today and use them however you like in your company:

Our sample data protection policy template
Our sample data protection policy template is designed to help you create a data protection policy that works for your business.
As every company is different, it's important to consider how you work with data and write a policy to suit your circumstances.
You can use our sample data protection policy template as a starting point and add, remove or change information as required.
Data protection is an important issue for every business, so it's a good idea to seek professional advice before putting your policy into action. Using a sample data protection policy template may allow you to reduce your costs, because you won't need to ask your lawyer to create a policy from scratch.

You can download our sample data protection policy template now. It's a Word file, so most computers should be able to open it automatically.
Data protection policy template structure
The Data Protection Act is founded on eight principles of data protection. These say that data must:
1. Be processed fairly and lawfully
2. Be obtained only for specific, lawful purposes
3. Be adequate, relevant and not excessive
4. Be accurate and kept up to date
5. Not be held for any longer than necessary
6. Processed in accordance with the rights of data subjects
7. Be protected in appropriate ways
8. Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection

Our sample data protection policy template is organised along similar lines, addressing each of these principles to explain:

• To what types of data the policy applies.
• Who in the business is responsible for data protection.
• The main data risks faced by the company.
• Key precautions to keep data protected.
• How data should be stored and backed up.
• How the company ensures data is kept accurate.
• What to do if an individual asks to see their data.
• Under what circumstances the business discloses data, and to whom.
• How the company keeps individuals informed about data it holds.
• Implementing your data protection policy

Your data protection policy should be a practical document. Your staff should be able to understand it and refer to it when they need data protection advice.

It's important to review your data protection policy regularly. Most companies do this about every two years. You should also review if your business changes how it operates or plans to start storing data in a new way.
It's a good idea to require staff to read your data protection policy (and sign a document to that end) when you introduce it. It should also be part of your induction programme for new employees.

However, always remember that a policy alone is not enough to ensure your business keeps its data safe and operates within the law. Training, expert advice and clear lines of responsibility are other important considerations.
Implementing your internet use policy

Your internet use policy should be a practical document. Your staff should be able to understand it and refer to it when they need advice.
It's important to review your internet use policy regularly. Most companies do this about every two years. You should also review if your business changes how it operates or makes changes to where and how employees can access the internet (for example, providing mobile internet access or internet access to homeworkers).

It's a good idea to require staff to read your internet use policy (and sign a document to that end) when you introduce it. It should also be part of your induction programme for new employees.

However, always remember that a policy alone is not enough to ensure your business keeps its systems safe and operates within the law. Training, expert advice and clear lines of responsibility are other important considerations.
Implementing your email use policy

Like any IT policy, your email use policy should be a practical, usable document. Your staff shouldn't just read it and forget it. They should be able to understand what it means in practice, then refer to it if they need any advice about using email.
Review your business email use policy every two to three years. You should also revisit it if you move to a new email system or fundamentally change how things work (for instance, if you introduce mobile email).

It's a good idea to require staff to read your email use policy (and sign a document to that end) when you introduce it. It should also be part of your induction programme for new employees.
Implementing your social media policy

Your social media policy should be a usable document that staff can understand and refer to. It's no good having an incredibly detailed, exhaustive policy if nobody can be bothered to wade into it and work out what it actually says.
You'll also need to review your social media policy regularly. Given that this is a fast-moving area, it's wise to do a quick review once a year.

You should also review the social media policy if your business changes how it operates or there's a shift in your social media strategy.
Get staff to read your social media policy (and sign a document to that end) when you introduce it. Make it part of your standard induction process for new staff.

Finally, don't forget that having a clear policy is only one part of ensuring safe, effective social media use in your business. Your employees will require ongoing guidance, support and training to make the most of this powerful business tool.
Implementing your website privacy policy
Although your website privacy policy is likely to sit on a page which relatively few website visitors will see, it's still important to make it clear, straightforward and relevant.

For starters, a proportion of your website visitors will actively seek it out.
But perhaps more importantly, the people visiting your website have the right to know how you use the data you collect from them.
They might only choose to view that information if they have a query or complaint, but it's at that point when having a privacy policy is most important of all. It protects your visitors, and it covers your back too.