InsightsNews

How to avoid falling victim to IT policy changes

By 7th August 2018 February 6th, 2019 No Comments

What policy change?! I didn’t know that…what do you mean it’s my fault?!

Many of us are guilty of skipping over the small print of a workplace policy – too many words, jargon and complexity. We put our confidence and good faith in our employer, who gives us the documents to sign or ‘tick’ our agreement with, and we move on with our daily work activities. However, what if there’s a policy oversight by you as an employer? Or, there’s an assumption that your employees have properly read and understood the policy?

When new technology is deployed, and a different way of working is expected to be adopted by employees, new IT policies may be needed. Yet, policy reviews and compliance checks can fall off the list of priorities. But, it really shouldn’t, especially if you want to avoid employee non-compliance or the wrath of the law.

Here’s some guidance on how you can avoid falling victim to IT policy changes when adopting new technology within your organisation.

Think about other company policies besides IT: technology change not only provides us with different devices and apps to use, but it also changes our behaviour and how we work. If mobile working has been facilitated because of the deployment, HR policies will need to be reviewed and updated to reflect this. Prior to deployment, liaise with all operational departments within your organisation to ascertain what policies and procedures will require updating or creating.

Don’t be complacent about ‘policy as a service’ or Shadow IT: yes, by shifting to the cloud you can ‘switch on’ usage constraints to reflect your IT policies, but this shouldn’t be your only strategy, just a complementary one. Likewise, not all employees will naturally adopt to the new technology and will continue to use alternative ‘Shadow IT’ outside of the organisation. Determine how best to address these two points and wrap into your policy conversations.

Consider industry regulations: some of the technology functionality that you have enabled may not be able to be used by some employees due to the regulatory constraints of their job. It’s not just about ensuring each user has the correct functionality to not put them at regulatory risk, but making sure each user understands why, that it’s written into a company regulatory policy and the user has agreed to it.

Determine the impact of omni-channel communications: has your new technology enabled instant messaging, screen sharing, employees to work on the move? Work closely with your compliance team to understand how this could affect employees. For example, in the NHS emails are admissible in court but instant messages aren’t. Sharing someone’s records on a screen could be breaching confidentiality. Who’s watching over your shoulder and reading your data when you’re working on a train? Is a text message agreeing pricing legally binding? Determine how you will control this behaviour and explicitly educate employees on it.

Incorporate policy changes into training: this will help employees to understand that it’s an important component of the new way of working, just like the technology. Recognise that one mode of training doesn’t suit all; include policy changes in both online and classroom training.

Communicate clearly and simply…and think message and tone: it’s about educating and helping your workforce to transition to a new way. The message should avoid using complex jargon and a ‘you must’ tone; rather it should be supportive and ensure employees feel they’ve been provided with a safety net. Creating a ‘policy’ brand identity will flag the importance of it to employees and help them to engage with the initiative, especially if it is your leaders communicating why they’re behind the change.

Get your advocates to do the talking: invest in a ‘champions network’ – a group of employees with mixed IT and soft skills sets, who have trust and influence within their colleague network, who you can train up as early adopters and be your word of mouth. Not only will they help colleagues to adopt the technology, but also policy changes.

Have a test strategy: Never assume that by emailing a policy change or by asking your employees to ‘tick’ their agreement to one that employees have fully read, understood or embedded it into their way of working. Provide ‘light-touch’ testing – be it an online survey – that’s mandatory so employees recognise its importance. You then also know they understand!

Our experience has been that policy changes can be overlooked during the transformation process, which is why when we engage with our clients we include the review of policies as part of our methodology and incorporate policy changes into training and communication programmes.