As a business owner, and probably managing director, you have certain legal responsibilities and expectations. Many of these are outside the scope of this guide, as they relate to the good management of a business, but many related expectations can be laid out in your security policy.

The actual policy will vary from company to company, so all we can do is give you some pointers.

Consider including words in people’s terms and conditions of employment that make it clear that you expect data security discipline to be observed. You will also need to say that failure to observe those disciplines will be treated as serious misconduct liable to summary dismissal. That sounds heavy, but you need to ensure that you have the ultimate sanction for people who refuse to take IT security seriously.

You should also consider making it clear that internet and email access for any purpose other than what is strictly necessary for their job is a privilege that can be revoked at any time, and that you maintain the right to review and intercept internet and email use in order to ensure your company’s policies are being observed.

Without these protections in an employee’s terms and conditions, you might find you have no right to check what people are up to. You should, of course, obtain legal advice for suitable wording.

Source: Creating IT security policies

The Business IT Guide enables businesses to make the right IT decisions