Mistake: Leaving people’s obligations unclear

Many IT departments have trouble getting support for measures they take to keep things running smoothly and securely. A typical example is a security measure where users are required to have passwords of a particular length and to change them regularly. This may increase the security of the organization, but it causes inconvenience for users. If an individual is in a position of influence, he may demand to be exempted from the measure.

Without agreement on policy, it can be very hard to know who is responsible for which decisions and to get everyone to support those decisions.

Best Practices

  1. Have policies.
  2. Write down your policies.
  3. Have the CEO sign off on all policies.
  4. Make sure all employees understand the policies.