To help keep IT systems running securely and efficiently, businesses often create IT policies, plans, and strategies. For example, businesses establish comprehensive acceptable use, mobile device, and email policies to protect their IT assets. They also develop detailed disaster recovery plans and data backup strategies so they can recover from major disasters (e.g., fire) and minor misfortunes (e.g., corrupted files).
Despite spending considerable time and effort creating these documents, some companies then let them sit around and collect dust. However, they are not files that you can create and then ignore.
After you create your IT policies, plans, and strategies, you should:
- Share them with the appropriate employees. You cannot expect your employees to adhere to IT policies, plans, and strategies they know nothing about. Some documents need to be shared with everyone (e.g., acceptable use policy), whereas others only need to be shared with those people affected by them (e.g., data backup strategy). When presenting a policy, plan, or strategy to employees, explain why it was created. In addition, let them know the consequences of not adhering to it.
- Implement them. What is the sense of developing IT policies, plans, and strategies if you do not execute or enforce them? While this is rarely intentional, sometimes these documents go unused.
- Review them periodically. You need to treat your IT policies, plans, and strategies as living documents. At least once a year, review them to make sure they are up-to-date and relevant. If changes are made, share updated versions of those documents with the appropriate employees.
- Test them regularly. Some IT policies, plans, and strategies should be routinely tested. For instance, you should test your IT disaster recovery plan by holding drills. Besides identifying problems with the plan, these drills will allow employees to learn and practice the process. This will help minimize employee stress and lead to a faster recovery time in the event of an actual disaster.