Training Materials
Presenters: Steve Gray, LSSCM & John Greiner LSNY
Technology policies serve to outline acceptable uses, practices and guidelines for technology in the workplace. This module is designed to provide poverty law managers and techies with suggestions for their program's technology policy.
Steve's Hippy Technology Zen Mantra: Open but Standardized Freedom
Open: Don't put more energy into locking down your data than you do in securing your paper files. We really don't have anything that anyone wants anyway. Too much time, energy and expense can be put into security. You need to cost-benefit this realistically. Once you staff are inside your network it should be very easy for them to get to everything they need. Don't let your sys admin go crazy.
Caveat: this of course doesn't apply to ports outside your firewall or accessible to the internet. Hackers want your web or email server and they shouldn't be allowed to have it to torment others.
Standards: It is impossible to support every software application that a staff has an itch to try. For the sanity of your techie you have to pick a uniform set of core apps (email, browser, office suite) and install, support and train only those. Same goes for data storage conventions. All programs have a filing system for paper files - you need an easy way for any staff or manager to find another's electronic documents.
Freedom: Program technology should not be controlled by the sys admins. The technology is present for the benefit of staff and their work. We should not lock down our systems to such a degree that staff can't try innovative or time saving ideas. We aren't guarding Fort Knox here. We should err on the side of access for staff over overly restrictive security.
A Word or Two about Process (what can I say, I'm married to a social worker)
1. Initiate - discuss in team/staff/volunteer/management committee meetings etc.
2. Form working group (if appropriate) to draw up draft
3. Use framework for consultation with users and gain feedback
4. Draft policy and circulate amongst working group for comment
5. Write up final policy
6. Publish and Train
7. Monitor and review annually
Your program needs to inform its people about the type of behaviour it expects of those using the internet in the workplace and about the consequences for abusing internet privileges.
Areas to Consider
Monitoring - Are you going to be monitoring or filtering traffic in and out of the network? If you are people need to know that and if you aren't people need to know that their movements are still being logged probably by your firewall and your ISP. Also the workstation they are using will likely keep track of sites and images they have viewed.
Prohibited Use - Most programs related that primary purpose of internet access if for program related work and specifically prohibit things like: obscene materials, gambling, LSC restricted activity, prohibited file sharing (i.e. Kaaza), instant messaging and for profit use. Some programs simply prohibit any non-work related use.
Personal Use - some allow on non work time except for anything prohibited.
Acceptable Downloads - over and above prohibited items folks can load their system up with spyware and potentially viruses. As well as clog up your internet pipeline with large downloads. You can cover this is a security section as well.
Like internet use your program needs to inform its people about the type of behavior it expects of those using email in the workplace and about the consequences for abusing email. Considerations here could equally apply to instant messaging.
Areas to Consider
Although this topic is touched on some in Internet Use and Email sections it warrants further discussion. To what extent can staff use the equipment for non work related activity? In addition to internet and email considerations should staff be allowed to load games on their computer or play online games? How about music and MP3s? How about selling on eBay or making personal online purchases?
Things to Consider
In addition to prohibitions or limits on acceptable use, there are areas for which your program wants users to take affirmative responsibility.
Users need to be using set protocols and standards for storing electronic files and putting them in a place where they are back-up regularly.
This may not be as relevant today but many programs have reguired staff to regularly check voicemail and email and to notify others in the program when they are going to be away and won't be checking in.
Even with the best anti-virus software and security systems users can find ways to make a lot of work for others. Users need to be trained and then asked to take responsibility for their part in prevention.
To what extent will you allow users to intall software on their workstations whether for program or personal use?
Work-related vs. Personal Use - Some programs prohibit this entirely, while other allow with permission for work-related purposes.
Ghosting - Some programs have a standard desktop image that they use to handle this issue. If users install software that causes problems they can simply re-ghost the desktop to the program standard in a matter of minutes.
The Entech NPO Tech Policy Template is a free, online form based system that assists non-profits in creating their own program tech policy.
Editorial Note: It seems to me to be a little on the restrictive side.