1. Hardware
Most companies have a written policy stating that only the Information Technology (IT) department may install computers and peripherals. Other factors:

• To prevent loss, it is useful to label equipment with inventory numbers
• Because of high employee turnover rates in IT as well as outsourcing trends and use of contract workers, it helps to have written standards for connectivity, cabling, server storage
• Include instructions for submitting requests for moves, repairs, or additions
• Describe specifications on typical workstation configuration and monitor size
• Refer employees to the company security office for offsite checkout protocols for equipment.

2. Database Usage and Application Development
The trend is toward outsourcing database management to Application Service Providers (ASPs) where third-party applications or proprietary databases are hosted. As financial services companies migrate to the Web-based environment, many appoint an individual or a team from the IT Department to work closely with Communications, Human Resources, and senior management.

This IT Planning Manager (or Team) keeps a rolling technology plan that documents application requirements. It also sets Web- and program-development priorities, anticipates training and staffing issues that can be addressed in a cross-functional context. Business process analysis is performed as a first step.

Projects are prioritized based on their business impact. In larger companies it is important to keep all employees apprised of the priorities and progress implementation.

3. Software Purchases
Employees often wish to improve desktop functionality by adding software that is subject matter or business-unit specific. Indeed, there is a proliferation of proprietary software being hawked in every part of the value chain.

Illustration: A recent software audit of a high-tech company with 4000 employees and frequent mergers and acquisitions of smaller firms, revealed no fewer than 18 head-count programs currently in use. In addition to SAP and PeopleSoft, there were two facilities programs; a proprietary benefits administration package, a budget-planning suite; org chart and phone directories; and numerous departmental employee-tracking programs. Several employees were entering the same data. There was confusion over how to inform everyone about moves, promotions, new hires, and terminations. To avoid redundancies, a policy team can evaluate requests, based on current business goals and existing programs for software purchases.

As financial service providers acquire new products and processes, they can avoid similar difficulties if they set up a system to review software and application redundancies in such areas as benefits, 401(k) plans and rates.

IT departments need advance notice of software application needs for compatibility testing purposes. They also need the support of senior management for prioritizing such requests. The policy team can evaluate requests based on business impact.

Software disks are usually held by the IT department to avoid license violations.

4. Web Site Development and Administration
Growing firms will require Web policies to avoid redundancies and conflicts in their Web presence. It is important to avoid disconnects between the external page, the intranet, and the extranet (portions of a company's intranet open by password access to a business partner or vendor).

Experts agree that administration of the firm's Web site should be centralized, but content management be decentralized. The Web Council can identify representative "subject matter owners," or points of contact from each link in the value chain. The company's Web presence requires communications standards for design, size, style, and content. The Web council, with sufficient representation, can rank development projects by urgency.

5. E-Business Considerations
Besides other aspects listed in Parts One and Two, virtual business partners will need to review additional policies and practices:

• Security technology and encryption
• Monitoring tools
• Web-based applications
• Access control. To avoid such things as inadvertent wholesale deletions of information still needed by someone else, partners must control access and protocols.

Electronic Policy Management
No single business unit can take charge of policy making in the open communications environment or "policy pandering" will set in. Departments will start calling "dibs" on rulemaking. A policy on policy making is required, to keep peace amid change. The policy system should be presented in new-hire orientation, and linked to intranet sites throughout the enterprise.

Fast-growing companies usually appoint a task force or focus group if they do not have a Web council in place. It is comprised of representatives from across the enterprise. Those who share responsibility for oversight and enforcement must work together to shape policy consensus. They are tasked with protecting the firm from harassment, gossip, and wasted time. The departments that usually facilitate policy crafting and promulgation are the Information Technology Department (or outsourced vendor rep); the Human Resources Department; and the Communications Department.

Further tips:

• Review both the electronic communications policy and the technology manual periodically (legal department and by senior management)
• Use focus groups and surveys to shape consensus and to engage as many as possible
• Policies should appear in consistent technical writer's style and format.
• Insert the latest policy revision date in a footer on each page
• Describe how policies will be enforced, to whom they apply, and penalties for abuse
• Include contact information, for feedback and notification purposes
• Identify by title those executives authorized to create new policies or override existing ones

Originally published April 24, 2000