A lot of businesses – good or bad – sometimes just shoot from the hip. They make up ideas, policies, and methodologies to suit the immediate need.
That sounds good in theory, but it scales very badly.
Why IT Policy and Procedure is So Important
At Triton Technologies we have ex-military for the majority of our administrative staff. The reason why is that we have a process and procedure for every ticket, every project, and every type of situation, with policies to handle future unexpected situations. The reason why is simple and best explained with a story.
Preserving Security and Privacy
We had a client fire an employee. It happens. We received a call from the client asking to get a copy of the client list because they were going on vacation and needed to work remotely. We have a policy that when a client’s critical infrastructure needs to be accessed, we need to contact their supervisor and/or business owner for approval.
We contacted the business owner, and within seconds we were informed that the person had been fired because they were feeding information to their competitor. The ex-employee literally lied to us and, because of our policies and procedures, the intellectual property of the business was preserved. Though sometimes the policies might conflict with the business and its goals, they help protect everyone involved.
That is why at Triton Technologies we emphasize the methodology when it comes to policies and procedures when handling service tickets, projects, and more. The reason why? It just works. It’s the same reason that all of our IT staff undergo rigorous background checks. Also, make sure to check out our blog on acceptable use policies to understand the policies and procedures you need in place under Massachusetts law for client data.
Want to learn more? Contact us today.
Policy, procedure and process.
I was asked recently, “Why do I need a computer policy?”
The short answer? It’s the law.
Massachusetts 201 CMR 17.00 Compliance
In Massachusetts, the law 201 CMR 17.00 clearly states that a business must have clear and defined policies when it comes to internet and data access for its employees. To quote the purpose section directly:
This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
MA Privacy Law Compliance for Your Business
What does this mean for businesses? If an employee decides to copy a client’s data to an external drive or an external network and there is no company policy in place, it could possibly cause a tremendous amount of fines and penalties when it comes to data loss and the lack of accountability that comes from a data breach.
The other problem is that failure to prevent the data loss can also mean something larger when it comes to their clients’ data. If they are so careless with your clients’ data, it shows that they could be careless with your company’s intellectual property, such as client lists, client information and more. Nothing is worse for a business owner than having their client and accounting information fall into their competitors’ hands.
Reviewing Your Company Policies
What we recommend to our clients is to review their client handbook and their company policies when it comes to networks, computers and mobile devices. Many times our clients, and some new ones, are surprised when we ask for a copy of their handbook so we can make modifications.
Many attorneys believe that they do a great job when creating an acceptable use policy when it comes to their clients’ networks, but from an IT perspective, it can always be tightened up. From social media, mobile devices, flash drives, and password policies, it is imperative that we advise clients to have us review it so they are not at risk of penalties and data loss. Too often there is the one-two punch of losing client data, and then losing clients. Let us help you be proactive.