Many IT problems can be prevented by or can be mitigated by having suitable policies in place. Such policies need to supported by procedures. Together these policies and procedures will save you money and result in a more secure, more reliable, and consistently set up computer network.
Welcome to the IT\norwich Policy & Procedure Framework
Small business customers often do not have the time, inclination or expertise to write and develop their own IT polices, so we take it upon ourselves to adopt a rough set of ‘default’ policies and procedures, taking into account factors such as experience, best practice, cost effectiveness, practicality and future-proofing.
The result of this approach is simple – when you ask us to do a job you can assume we’ll do it in such a way that is best practice, and we’ll do that job consistently well by embedding that policy into our procedures. It also means that when we supply you with equipment, it lends itself to being installed and managed using the policies and procedures we’ve set.
Customisation and Accommodating Customer Needs
When we onboard you as new customer we’ll be keen to implement our default policy and procedures, but we know that every customer is different. As a result the policies and procedures we implement for your site are tweaked over time to the point where they become bespoke to your businesses but still founded on good standards.
In some situations we recognise that our customers policy needs can be very different to that which we recommend and accommodating these different policies isn’t a problem. As long as you are aware why your policy might not chime with best practice, or we see that your policy fits your business better than ours, we’ll adopt your different policy and publish this into our policy library for your site, updating any procedures as necessary as part of our usual support process.
Our Cyber Essentials Focus
We use the Cyber Essentials guidance in our Policy and Procedure Framework. Cyber Essentials is a UK government backed scheme to help businesses adopt what is considered to be a minimum level of security and cyber protection. Some businesses have to prove their compliance in order to close a deal while other businesses may never have heard of it. Even if your business has never heard of Cyber Essentials, you can be sure that when you partner with IT Norwich Ltd – you’ll be benefiting from policy recommendations founded on best practice.
For more information on Cyber Essentials, please visit the UK National Cyber Security Centre.
Our Cyber Essentials Focused Policy and Procedure Examples
While we do not publish our policies and procedures on our web site, we do often write about them. If a customer needs to be told why a certain policy exists we’ll often link them to an article that discusses it. As a result we can show you some examples of the sorts of policies we implement:
Admin Rights Policy
Where customers have a proper client-server network it is our policy NOT to allow users admin rights unless explicitly requested by a manager or director. This is supported by our user onboarding procedure which is explicit that admin rights are not to be granted. For more details on this see ‘Granting Users Admin Rights on Computer Networks – Convenience vs Security‘
Mobile Phone Policy
We recommend against the use of personal mobile phones for work and so if one of your users calls us and asks us to help them set up their work email on a personal device we may well reject the request for the reasons outlined in ‘Use of Personal Mobile Phones for Work Email’. If we can get authorisation from a line manager or director then we’ll carry on as requested.
Data Control Policy
The basic foundation of data control is to ensure your organisation owns the technology upon which your data resides and has (typically via an IT provider) full oversight and management capability of the services and software used to access and edit that data. Have you got a policy that supports this? See Data Control for Organisations.
Third Party Access to Customer Systems Policy
Do you allow anyone other than members of staff to access your system? If so then where is your policy that describes the expectations upon those people in terms of both behaviour and IT standards? We have an Example Third Party Access to Customer Systems Policy.
Document Scanning Policy
Most customers have a network scanner used on a daily basis however very few have thought about a document scanning policy. We encourage customers to adopt a policy around such as that outlined in ‘What is your Document Scanning Policy?‘
Making sure you have as few open ports as possible
Opening ports in your router is like poking a hole in your security. Our policy is to really try and avoid this where possible – see our article on the risks of opening ports.
User On-boarding Procedure
When you have a new member of staff join your business you’ll want them to hit the ground running, and we know that the IT should support their job function, not get in the way of it. As a result we have a procedure which maps out how our technicians prepare for new starters. This could for example include setting them up a mailbox, setting them up on the server in a way the befits heir job role, setting them up on a computer and then setting up the software and other resources they need on that computer ready for their arrival. The procedure does not have to be a one-size-fits-all and can be different according the new starters job role.
User Off-boarding Procedure
As people leave the business it’s essential that their access to various systems is revoked and that their data is ‘tidied up’. Off-boarding is considered an important IT housekeeping exercise and failure to follow a procedure like this results in an insecure and very messy system.
Software Installation & Configuration Procedure
While most software is easy to install – it’s a case of downloading an installer and pressing next a few times – most customers usually have at least one software application that needs to be configured in a very specific way for it to work correctly. These types of applications are often mission critical and industry specific. In such scenarios we maintain detailed notes on how such applications are installed and configured so that we can replicate the installation – perfectly – first time and every time.
We are committed to doing the right thing, rather than the cheapest or easiest thing, and most customers come along with us on that journey even if they don’t realise it! If you are running a small business in Norwich or Norfolk and are looking for an IT partner with a philosophy like this, please see How We Work or Contact Us today.