New to HR: How Do I Create a Firewall Policy for Employee Internet Use?

soniya2277

Hi all, this is my first post. I hope I'll get guidance from you guys. In my company, a firewall policy for employees regarding internet use needs to be created. As an HR fresher, I have been asked to create a standard policy regarding this. Does anybody have any ideas regarding this?

jasmin_mlw

Welcome to CiteHR. First of all, try to understand the actual requirements of your management and what they truly want. After gathering ideas regarding these requirements, review your company’s environment. Then, prepare a draft manual of the policy and present it to the management.

vineetabhatt2000@gmail.com

This is my first post as a reply in the CiteHR discussion.

Formulating a Policy: Steps to Follow

There was a discussion on formulating a policy that requires a series of steps to follow. It may be useful to create any policy in the organization. The steps are as follows:

General Steps for Formulating HR Policies

- Identify the important policy issues for your organization. Work with the members of your organization responsible for policy development to make a list of the policy issues you need to address. Consider:
- Current laws
- Funder requirements
- Any collective agreements that affect your organization

- Ask yourselves these questions about each potential policy:
- Does the size of our workforce justify having a policy about this issue?
- What do we hope to accomplish with this policy? What are the outcomes?
- Will this policy foster something our organization believes in? (For example, if an organization has a "family first" philosophy, it might want to have family-positive policies, such as flexible work hours.)

Collect Information

Collect information on past practices in your organization. Research policy models in organizations similar to yours.

Draft the Policy

Write a first draft. Include the following content:
- Policy name
- Effective date of the policy and date of any revisions
- Approval status (At this stage, the status is "DRAFT.")
- References (List other policies and documents related to this policy.)
- Purpose of the policy (what it is intended to promote or achieve)
- Main policy statement
- Definitions of any key concepts or terms used in the policy
- Eligibility or scope (what groups of employees are covered by the policy)
- Positions in the organization responsible for implementing and monitoring the policy
- Procedures for carrying out the policy, written in numbered steps.

Include the following formatting to help the reader navigate:
- Section names and numbers
- Page numbers and total number of pages (Example: "Page 6 of 8.")
- Headers and footers.

Circulate and Revise the Policy

Give a copy of the draft to each key member of your organization involved in policy development. Discuss and agree upon revisions. Prepare the final draft.

Get Approvals Needed to Put the Policy into Effect

If your Board is responsible for giving the final approval, it is often done with a formal, recorded motion. The motion can include a date in the future when the Board wishes to review the policy again.

Regards

arvi2win

It's nice to see that people are sharing a lot. I would like to welcome Ms. Soniya to citeHR, and it was really a nicely illustrated reply from Vineeta on the first reply; it's really impressive. Thanks to her too. The suggestions of other members are really interesting. You need to check the various aspects and issues generally people have in handling the internet: use or misuse. Create and provide clear documentation for each rule and network object while defining it well, so that even fresher members can understand.

Tips for Policy Development

A few tips I got from the IBM site for you:

- Make sure the policy development team has been very thorough in defining what employees can and cannot do. The team should consider all internal areas, not just Internet access. For example, if only HR employees can access the payroll system, this should be defined in the Acceptable Use policy. Should all employees have access to production systems?

- You also need to check for Internet access. Are there any sites employees cannot access? Any technologies they cannot use, such as Napster, streaming media, ICQ, Yahoo Messenger, social media sites, FTP, Telnet, etc.?

- Policies also need to be reviewed on a periodic basis to ensure they are still representative of what is in place. Most companies review their security policies on an annual basis and update the information as necessary.

Sorry for the lack of time to give you a better response as of now, will surely upload the document later. Hope the suggestions will work for you.

Regards,
Arvi

If you are knowledgeable about any fact, resource or experience related to this topic - please add your views. For articles and copyrighted material please only cite the original source link. Each contribution will make this page a resource useful for everyone. Join To Contribute