Having an IT policy in place is useful for a variety of reasons, but where do you start?

Thinking about your company’s IT and coming up with a plan to ensure things like security and compliance can be daunting, especially if you don’t have the necessary IT expertise. There are four key areas of your business’s IT you should focus on though, which should help you to build specific policies around...


It’s impossible to run a company without the internet, and for most businesses, this involves employees being connected for most of the working day. With this in mind, there are some basic web usage policies you can start to implement. We have discussed monitoring web activity in a previous blog, but for this to have a positive impact on productivity and security, you must clearly lay out expectations to your team beforehand. If you have team members working out of the office, you should address policies regarding public WiFi usage and installing security measures such as encryption software.


Be clear about what is expected when your team are using company email accounts. These should only be used for business purposes and should never be used to send personal files or forward links to personal or inappropriate addresses. Look at creating a standard email signature across your whole company. This strengthens your company brand and makes your business easily identifiable to people outside of your organisation.


Implementing a best password policy across your organisation will improve your company’s security enormously. Strong passwords include special characters, uppercase and lowercase letters, and numbers, and are as random as possible i.e. not based around existing words or phrases. Contrary to popular belief, it is no longer best practice to change passwords frequently either. We have more on more advanced layers of password security here.


Data storage and management policy is vital to ensuring your company and your clients’ information is as secure as possible. Make it clear that any data stored on company workstations, devices and cloud facilities belongs to the company, and as such should not be transferred or copied without authorisation. Data policies will most likely include elements of the previous three areas we have discussed and should form the foundation of your IT policy.

If you’re looking to plan long term IT goals, or need specific advice, we can help you set your strategy, or manage a major one off project! Please get in touch, we'd love to have a chat.