The document discusses the importance of establishing security policies and procedures for companies. It recommends that companies create manuals covering their procedures, policies, and employee handbook. The procedures manual should describe work processes, the policies manual should outline policies in areas like employment and purchasing, and the employee handbook should define standards of conduct. Example policies discussed include limiting internet usage, managing keys and visitors, and protecting desktop and laptop computers. The conclusion emphasizes that policies should be clear and easy to comply with to encourage adherence.
3. Significance
Businesses should establish policies and procedures and
commit them to print before hiring the first employee. Policies,
defined simply as rules as to how the company or department
and its representatives should handle specific scenarios, and
procedures, meaning instructions as how to accomplish certain
tasks, are crucial to every business, regardless of size.
http://goo.gl/JZSCGg
4. Benefits
Establishing a company's policies and procedures provides
several benefits. The company is able to operate with greater
consistency, both in its internal and external workings.
Company morale generally increases because guidelines are
available on how to accomplish a task. Set policies and
procedures can also circumvent certain legal issues.
http://goo.gl/JZSCGg
5. Manuals
The policies and procedures manuals of a business should be
in accordance with local, state and federal laws, as well as
conscious of Internet use. The books need to appear
professional; a financier may request a copy of the policies and
procedures of a company under review.
http://goo.gl/JZSCGg
6. Procedures Manual
The procedures manual clearly describes processes, such as
how to enter an invoice into the system, processes with which
the new employee will not yet be familiar. Describe procedures
specifically.This may seem quite simplistic to the writer who is
familiar with the tasks at hand, but to the novice, a precise
explanation of the procedure may be invaluable.
http://goo.gl/JZSCGg
7. The Policies Manual
This manual should contain the company's policies on
employment, disclosure, competition, customer service,
purchasing and so forth. When writing a policies manual, keep
in mind whether, if the owner could not be reached, what
would an employee need to know to accomplish his assigned
tasks
http://goo.gl/JZSCGg
8. The Employee Handbook
This will be the first formal communication the company has
with a new employee. As an abbreviated policies and
procedures manual, it defines standards of behavior and
outlines what will happen when those standards are not
upheld. The handbook should contain the company's employee
policies and procedures for asking for leave and similar
requests. Management may find this to be an empowerment
tool should it need to discipline an employee.
http://goo.gl/JZSCGg
10. Limit Internet Usage
An Internet Usage policy should address whether or not employees are allowed to use company’s
computers for personal use.
whether or not software may be downloaded by anyone other than a system administrator.
should also consider whether or not Instant Messaging may be used during company time and/or on
company equipment.
http://goo.gl/gQErpT
11. Email/Social Networking
Your email policy should address appropriate content for company emails and social media
pages
key Control
Your key control policy should include a means to track who is currently holding mechanical keys and
who has permission to duplicate those keys.
http://goo.gl/gQErpT
12. Visitor Management
steer all visitors into a controlled entry point.
the visitors should be escorted at all times.
Requiring on visitors wear a badge and sign in and out should also be considered.
notify the visitor on management policy.
Non-Disclosure Agreement
make sure that employees understand what information they may and may not pass
on.
http://goo.gl/gQErpT
13. Desktop Computers
Each and every computer in the company must be protected by:
good antivirus program.
complete packages that provide an extra level of protection are Internet security suites.
Laptop Computers and Mobile Devices
make sure that laptops and other mobile devices are protected at all time by:
Sensitive information must be protected with encryption
http://goo.gl/gQErpT
14. Conclusion
One key to creating effective policies is to make sure that they are
clear, and as easy to comply with as possible. Policies that are overly
complicated only encourage people to bypass the system. Don’t make
employees feel like inmates. Communicate the need, and you can create
a culture of security.
There is always a trade-off between security and convenience.You
would like to board a plane without going through theTSA checkpoint,
right? But how comfortable would you be knowing that no one else on
the plane had gone through security either?The policies described in this
article will help to ensure that you and your employees are protected.
http://goo.gl/gQErpT