Edward Ned Harvey wrote:
> For the moment, I am not asking you what you think is good policy.
>
>
>
> For the moment, I am only asking for feedback on my intended style, to
> introduce policy in an organization that formerly had none.
>
>
>
I think that asking the 'general public' to help decide IT policy is a
noble cause, but not practical. You're the IT guy, so you should know
best (and if you don't then you shouldn't be the one working on the
policy ;). If your employees knew enough about IT to write policy, then
you wouldn't need to have said policy.
So, here's what I propose to you as a solution:
Rather than writing out a long list of rules, regulations, etc that your
employees will ignore, focus instead on education.
Example:
Policy: Your password must be at least 8 characters long and include
letters, numbers, and a minimum of one punctuation (!...@# etc).
-versus-
Education: It's important to have secure passwords to prevent
unauthorized access to protected data. Secure passwords are at least 8
characters long and have a mix of letters, numbers, and punctuation.
With policy you are just barking out orders. However, with education
you are informing the people best practices and (more importantly) WHY
it is a good idea they follow these practices. You're communicating the
same information but in a more useful way.
- Ryan (the guy who spends a large portion of his time converting rules
and regulations from his employer's parent company to more useful
policies and best practices)
_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
