As strategic business partners of senior management, Human Resource professionals realize how important it is to understand management’s top-of-mind issues and provide approaches to assist the organization in closing any strategic gaps.
Currently, company leaders and boards of directors are focusing on risk mitigation, governance and ethics strategies for very specific reasons:
1) to avoid significant financial loss and injury to reputation due to undetected and/or unaddressed wrongdoing, similar to that recently experienced by WorldCom, Enron, Tyco, Tenet, and the New York Times;
2) to comply with legislation and new governance guidelines; and
3) to restore public trust and retain the trust of their employees and other key stakeholders.
The Acceptable Use Policy (AUP) defines how employees may use the IT Infrastructure supplied by the organization. The policy specifies whether employees may use organization resources such as networks, Internet connection, and e-mail accounts for personal use. It may also define whether employees may download files from the Internet, forward humorous or chain letters via e-mail, or engage in sending spam. An acceptable use policy generally forbids any activity that is prohibited by local, state, or federal laws, or violates regulatory compliance.
AUPs have become far more important than simply ensuring a user isn’t spending their whole working day surfing the Web, exchanging jokes and pictures or chatting with their friends or family. The reliance upon IT and the nature of the data that passes through it is often fundamental to the successful and smooth running of a business or organization. Any compromise or failure of the system has the potential to be catastrophic and can result in anything ranging from the merely irritating or mildly embarrassing to criminal prosecution and a prison sentence for corporate officers.
While an IT team can manage and control the hardware and software across their network, they have a much more difficult job with the end-users, who are often considered to be the weak point in an otherwise secure network. The number one security threat to a network or business is its users: employees, disgruntled former employees, and uneducated users.
The only way that I would decide to change the AUP is if I had the backing from Top Management, and the network or the business had changed and the policy needed to be changed to be effective.
I would consult with the Top Management and request their support of the AUP, and help in assuring that the employees will all attend a mandatory workshop to learn the policy rules, and promise to adhere to the policy, as is. We cannot just change the policy “willy-nilly”, just because the employees don’t like it. I would try to reason with the users and assure them why the policy needs to stay as is. I would conduct a workshop to educate the users on why the policy is so important, and make them a list of the reasons why the policy is so important. I would also require each employee to sign that they had read and understood the policy, and promised to adhere to the rules of the policy. I would list the consequences if the policy was not adhered to, such as a reprimand or termination.
Our commitment is to conduct our business consistent with the highest standards of conduct and ethics, and to buy and sell on the basis of value, which is a combination of quality, service and price. Our reputation as businesspersons committed to these principles is an invaluable asset. Therefore, the business of our company and its affiliated and subsidiary companies (the “Company”) will be conducted in accordance with the letter and spirit of the law wherever we do business, so that full disclosure of our manner of doing business will at all times be a matter of pride.