The Policy in Reality [Page 1]
Case Study: The Acceptable Use Policy document in which the author chose to review belonged to Insurance My Way (IMW) Ltd. IMW was an online insurance broker which amongst other things employed an IT department to oversee the gamut of creating, maintaining, and internally hosting its online marketing channel.
While officially authorized by IMW’s Executive Management, the document took a life of its own in the hands of the IT Department which saw the document as a necessary tool for corporate governance, and linked it with the seriousness it used in the technology value creation process. The document at a certain level approached Corvis’ idea that the Use Policy helps ‘educate,’ ‘define boundaries,’ and highlight ‘policing’ of the network.
Strict or Moderate Policy: In terms of the issue of personal use which was brought up by the techrepublic article by Norton (2002), from the second section we read that IMW reserved “the right to protect the best interests of the company” (Insurance My Way 2002 p1), and that it “[discouraged] the use of corporate systems for personal use” (p1). Going by the techrepublic.com benchmark, we can infer that IMW wanted to enforce a ‘strict’ acceptable use policy.
Enforcement: We draw from two anecdotal instances to highlight the difference when it came to the enforcement of the policy:
- An IT employee going through a performance review was provided feedback that mid managers and managers were cognizant that she was spending an inordinate amount of time surfing personal sites and sending personal emails; to the detriment of her professional performance. She was given a motivational session, and the leave to use corporate systems for personal entertainment; but only on condition that her conduct improve to be able to prioritize her time better and to segregate personal time after her objectives were met.
- It was common knowledge amongst the IT employees that there was shared resources on network drives where a vast amount of MP3s were available. While not explicitly documented in the policy, the issue of bandwidth abuse is mentioned. The amount of MP3s was evidence that abuse of bandwidth had occurred, but no one in the department was policing this nor reporting any untoward use of internal bandwidth.
- Before the policy was formalized, there was an incident where a staff member impersonated another employee and created a huge furor by name-calling another employee. While grounds for “immediate dismissal” (Insurance My Way 2002 p3) according to the yet-to-be-sanctioned acceptable use policy, the realities were that the employee in question was an extremely important and valued member of the team, and whilst the company reserved its rights, it would never exercise it, unless the matter had been exacerbated with one or more parties seeking legal action. The employee in question got off with a dressing-down session, a written report of misconduct landed in his personnel file, and had to formally apologize to all affected.
Policy Proper: The IMW policy clearly focused on using the document to educate users on the proper use of the system for communication. It spends an inordinate amount of time discussing “proper use of emails” (Insurance My Way 2002 p2), and the web-based alternative to email clients. This was very much linked with the focus on corporate disaster recovery exercises, and may be the reason why there is little emphasis on the use of other web-based applications.
Stregth of the Document: The IMW Acceptable Use document is very clear on the consequences of being non-compliant with regulations. It states that IMW even “reserves the right to charge staff (at commercial rates) for abuse of corporate systems” (Insurance My Way 2002 p1). this is clearly the strong point of this document.
Points of Weakness: The policy might have started out on the right footing, but fails to clearly state or enforce a desired acceptable use; it ends up becoming a to do list rather than a corporate guide of what is appropriate given corporate objectives. It however, does highlight information that could be interpreted as an educational guide for new users to the corporate system, though such information like "thread of discussion" (IMW 2002 p2) seen in 'Proper Use of Email' may be better communicated through continual user training. There is some good effort put into the document, and which may have been appropriate for this online financial broker, but the policy comes across slightly unbalanced in certain sections.
» Download the IMW Acceptable Use Policy (To save without viewing, right click)