Create a company policy?

KGhaleon

I've been looking for a new job, since my old one isn't that enjoyable and the new manager in charge isn't terribly reliable. In the meantime I've been thinking of ways to improve on the business and maybe make our jobs a little easier. I don't think we have a company policy, would it be wise to write up one and present it to him?

I have no idea what I'm talking about, but I'm guessing that it wouldn't hurt to write up a document stating the responsibilities of the technicians and the customer, so as to protect us from crazier ones out for blood.

wiki states:
"The goals of policy making vary widely according to the organization and the context in which they are made. Broadly, policies are typically instituted in order to avoid some negative effect that has been noticed in the organization, or to seek some positive benefit."

We already make it our responsibility to take care of the customer's machine and ensure that it is returned in one piece. However, we have nothing to protect ourselves with.
Anyone have a suggestion on how I should go about this?

KG

Kaminsky

Erm.. every deparment should have detailed policies regarding how it carries out it's work and what it is responsible for. I mean right down to what backup tape is due in that day.

However, if you are thinking of leaving what are you hoping to gain by writing policies up and presenting them to the new manager?

KGhaleon

It's a small business and I can't see it staying alive forever, so I often go out of my way to help. The business was quite disorganized when I first started working there, but I've cleaned it up a bit by offering my own suggestions to the current manager. Policies would protect not only me, but other technicians that come after me. Honestly, he might already have some in-place...but he's never mentioned company policies to me, so I doubt it.

KG

garv221

Creating policies is a great experience. I created a lot of policies for employees outside of IT regarding how to contact IT, when to contact IT and the line between their responsibility and when IT actually takes over. We had a lot of different employees handling small aspects of IT and these policies made sure we would not get involved until they handled their responsibility first. Policies tend to hold people accountable and piss those off who do not like to work.

KGhaleon

So we just need to write up one and make it available for anyone to view? I'm guessing that it's nothing more than a document. I was looking at policies other companies have done and it doesn't look difficult.

KG

keatron

The most important part to any company policy is to make sure you get management, support, input, and signatures. Without that it's just paper that will rarely, if ever be enforced.

KGhaleon

Got it, I'll see what I can do about getting one done. I spoke with my manager the other day and he wasn't really sure if he had been given one from the previous owner. I'll write one up anyway.

KG

davenport

keatron wrote:

The most important part to any company policy is to make sure you get management, support, input, and signatures. Without that it's just paper that will rarely, if ever be enforced.

Big +1 on that. I took a job as an assistant admin (for some reason I had to train the admin, ANYWAY thats another story. ). This place was the most disorganized place I've ever seen in my life. Cd's where thrown all over the server room, there was no telling what licenses went to what machine. You'd find server cd's and crap laying under desks and chairs, it was a train wreck. Long story short, we all sat down together, cleaned everything up, started making policies, etc. It made the job much easier.

plettner

keatron wrote:

The most important part to any company policy is to make sure you get management, support, input, and signatures. Without that it's just paper that will rarely, if ever be enforced.

Exaclty right! I wrote a policy on sevrer room access. Who's allowed in, what process there is for signing, etc. I sent it to the supervisor and never heard anything more.

People still help themselves to the server room. Don't bother signing in or out.

I wonder why I bother sometimes.

plettner

KGhaleon wrote:

So we just need to write up one and make it available for anyone to view? I'm guessing that it's nothing more than a document. I was looking at policies other companies have done and it doesn't look difficult.

KG

At the most basic level, yes, you could that.

What we do is have an authorisor of the policy and someone who edits and updates the policy (could be the same person.) Using document management software only people who are allowed to edit the document can edit it and even then the document is placed in "draft" mode. This means it is not current and printing the document out shows this. Once the policy is signed off (authorised), the document is made current with a version number attached (i.e. version 1.0, 1.1, etc) to it by the management software and also in header/footer of the document.

Anyone can read these documents, just not edit them. You can also set a review date so that the owner must perform a review (say every 6 months).

This is more advanced than you need by the sound of it, but the concepts, i.e - versioning, editing, sign-off, should be taken into account.

garv221

A policy only works when everyone is aware of it and there are consequences when it is not followed. There cannot be exceptions to the policy either or it will never be enforced. Typically those who create policies are in a position to terminate employees.

plettner

garv221 wrote:

A policy only works when everyone is aware of it and there are consequences when it is not followed. There cannot be exceptions to the policy either or it will never be enforced. Typically those who create policies are in a position to terminate employees.

In our environment, when a policy is created or updated, a copy is given to each employee and they must sign to say they have received and read it. If you breach policy, you're out the door (in most cases). There are no excuses if you have signed stating you've read the doucment.

An intersting story if I may. We had a manager who ordered a 19" LCD monitor. It never arrived to him. I wasn't in charge of procurement but I helped in the investigation of where it could've gone. It was supposedly delivered but never signed for by the manager to say he had recieved it.

Anyway, my supervisor came to me and asked what I knew about the monitor. He told me someone in South Australia had called our organisation saying they had just bought a brand new monitor on eBay which looked like it belonged to us. Sure enough, it was one of ours. The monitor had been sold to our company with an asset tag already on it but never delivered directly to the manager. The person who pinched the monitor advertised it on eBay as having never been opened but clearly was to put the tag on it. The person who bought it complained it was opened becuase of the asset tag. That's why they contacted our organisation and hence the investigation.

Anyway, an internal audit was carried out but the person who sold the monitor on eBay's justification was that the monitor was just sitting there for so long and no one would notice it was gone.

I don't know who that person is but as theft and pilphering is against company policy, they have no excuse. I do not know what has happened to this person.

My moral is have a policy for evertyhing and make sure it's signed. There can be no excuses then.

KGhaleon

^that's an interesting story. Guess I'll make it a point that we label our equipment as well. I just started writing up a business policy, so when I finish I will probably post it here for comments, if necessary.

I will be making the document available to customers, but it will be in a safe location so I'm not sure if special tools will be needed. I'm just using a normal word document.

KG

keatron

plettner wrote:

garv221 wrote:

A policy only works when everyone is aware of it and there are consequences when it is not followed. There cannot be exceptions to the policy either or it will never be enforced. Typically those who create policies are in a position to terminate employees.

In our environment, when a policy is created or updated, a copy is given to each employee and they must sign to say they have received and read it. If you breach policy, you're out the door (in most cases). There are no excuses if you have signed stating you've read the doucment.

An intersting story if I may. We had a manager who ordered a 19" LCD monitor. It never arrived to him. I wasn't in charge of procurement but I helped in the investigation of where it could've gone. It was supposedly delivered but never signed for by the manager to say he had recieved it.

Anyway, my supervisor came to me and asked what I knew about the monitor. He told me someone in South Australia had called our organisation saying they had just bought a brand new monitor on eBay which looked like it belonged to us. Sure enough, it was one of ours. The monitor had been sold to our company with an asset tag already on it but never delivered directly to the manager. The person who pinched the monitor advertised it on eBay as having never been opened but clearly was to put the tag on it. The person who bought it complained it was opened becuase of the asset tag. That's why they contacted our organisation and hence the investigation.

Anyway, an internal audit was carried out but the person who sold the monitor on eBay's justification was that the monitor was just sitting there for so long and no one would notice it was gone.

I don't know who that person is but as theft and pilphering is against company policy, they have no excuse. I do not know what has happened to this person.

My moral is have a policy for evertyhing and make sure it's signed. There can be no excuses then.

This is a decent solution. But in addition to this, have the GPO logon banner enabled. The banner will read something like, "by logging on to this computer you are agreeing to all company policies blah blah blah", make sure it's smoked over by your attorney team and insurance team. This way, they are reminded daily that they agree to the policy. Also, it takes away the redundacy of trying to coordinate 10,000 people signing a sheet of paper every time a policy changes. This is simply not practical in a large environment. It usually they sign when they're hired (i agree to comply with all policies and procedures, including future and current), then they're just reminded of it with the logon banner. If you're not in a Microsoft Domain based environment, you can find similar third party offerrings for different other network solutions.

plettner

keatron wrote:

This is a decent solution. But in addition to this, have the GPO logon banner enabled. The banner will read something like, "by logging on to this computer you are agreeing to all company policies blah blah blah", make sure it's smoked over by your attorney team and insurance team. This way, they are reminded daily that they agree to the policy. Also, it takes away the redundacy of trying to coordinate 10,000 people signing a sheet of paper every time a policy changes. This is simply not practical in a large environment. It usually they sign when they're hired (i agree to comply with all policies and procedures, including future and current), then they're just reminded of it with the logon banner. If you're not in a Microsoft Domain based environment, you can find similar third party offerrings for different other network solutions.

For our logons (Novell Netware), we have a "conditions of access" dialog box where you must click Yes or No. Click No, it logs you off. it runs through the logon script. If I tick Workstation Only, I don't see the screen.

New employees have to sign all the forms as well which is kept by the manager or scanned into a doucment archiving system (new e-mail/Novell/Internet account forms particularly)