Write a Policy

By Bob Walters  |  Posted 2010-02-01

Step No. 3: Write a policy

Once you have decided what is and isn't acceptable use, the creation of a written policy is fairly straightforward. However, there are three best practices to keep in mind:

1. Use clear and nontechnical language

Nontechnical users, for example, are often unaware of how their activities impact bandwidth, how attachments over Web mail might bypass corporate virus scanning, and how downloading a free screen saver can infect their computer with malware.

2. Keep it short

The shorter the policy, the greater the chance that it will be read, understood and referred to in the future.

3. Stress the spirit of the law

Base your policy on simple, inviolable principles that can be seen as reasonable by both technical and nontechnical staff members. At a minimum, those principles should include the following: assessing Websites that are inappropriate (for example, violent, pornographic or hate Websites), assessing what amount of time is acceptable for personal Internet use, noting that the posting of confidential material is prohibited, defining Websites that should be avoided because of security risk or excessive demand on network bandwidth, and clearly stating which activities employees should refrain from.

Keep in mind that the Internet is changing rapidly and it would be tedious to rewrite the policy every time a new technology or phenomenon such as Facebook presents itself as a threat. But by clearly articulating a small set of guiding principles, you will avoid having to constantly revisit and rewrite the policy.

Bob Walters is President and CEO of Untangle. Bob began his career landing F/A-18 Hornet fighter aircraft on aircraft carriers. Today, Bob leads Untangle. Most recently, Bob landed Teros, his application security startup, at Citrix Systems via acquisition. Along the way, Bob has contributed in executive and general management positions at a number of top startup and public companies including Securant Technologies (now part of RSA Security), Linuxcare, Informix Software and Red Brick Systems. Bob is a published expert and invited speaker in Internet security, data warehousing and data mining, entrepreneurship and leadership. He is an honors graduate of the U.S. Naval Academy in Annapolis and was a Guggenheim Fellow at Princeton University. He can be reached at bob@untangle.com.
