The E-Policy Handbook: Designing and Implementing Effective E-mail, Internet, and Software Policies

Does your company or organization have a policy that covers writing style in electronic communications? Does your company or organization have cyberinsurance to cover losses attributed to errors or employee misbehavior using your e-mail systems? Does your company or organization offer netiquette training for employees and managers? These are topics that many do not think of but should and that are covered in detail in The ePolicy Handbook: Designing and Implementing Effective E-Mail, Internet and Software Policies by Nancy Flynn (256 pages ; The American Management Association, 2001). Though this book is a few years old, it is worthwhile for Human Resource managers and anyone else involved in the development of ePolicies for their company organization. The book starts out by covering what every organization should do when deciding what kind of business controls to put in place: the conduct of a risk-assessment. This step is key to putting together a team, conducting a control self-assessment (the author refers to this as an audit, which really is the wrong term from a business controls perspective). The second part of the book covers the establishment of over all ePolicies to limit liability and exposure. One of the key considerations here is the purchase of appropriate liability insurance. As the reader moves through the book, they will be walked through the steps to craft effective policies for the use of E-Mail. the Internet, and computer software (especially piracy issues). It is after this point where most readers will get perhaps the biggest surprise and guidance. Specifically, the reader will be walked through what steps are needed to truly make any written policies effective. This includes getting buy-in from all line managers, communication of the policies, training and following through. The reader will then be walked through the establishment of eWriting policies for employees, with the main point being that writing e-mail communications should follow the same rules and style of other written communication sent through snail mail. The book finishes up discussing how to respond to an eCrisis. The book is a very easy read and can be a valuable resource. The only things I did not like about the book is that there are too many points repeated in the book and the fact that the book did not include a CD-ROM of samples from the book was not included. The repeated points may have been for emphasis, but to this reader often seemed to be space filler. The only other caution for potential readers is that the book, while providing good information and examples, seems to be a lead-in as a commercial for the services and her colleagues in and around Columbus, Ohio. I wish that had been a little less blatant than as presented in Appendix E. The Scorecard: Par on an average Par 4.

This key to designing and implementing email and software policies in a company structure provides business owners and managers with important information on how to produce clear policies which regulate computer use. From workplace piracy to e-theft insurance, Nancy Flynn's The ePolicy Handbook covers a wide range of topics and concerns.

This book covers all of the key points and provides some excellent topics to include in a corporate e-policy. The goal of this book is to aid you in developing a policy that will provide clear, enforceable guidelines to your employees in the acceptable use of the Internet and electronic mail, and to protect your company's image.It starts out with a well developed approach to assessing your current situation with respect to Internet and software usage, and provides a handy list of questions to aid in this task. The key objective is to discover your company's exposures and what abuse of systems or services [if any] need to be immediately addressed by the policy. In order to fully understand the results of your assessment and how they relate to risks and exposures, the author provides fundamentals of "cyberlaw" and general security concerns that will indicate, roughly, the degree of risk your company faces. These are important considerations for tailoring an e-policy to which your employees can relate. I liked the chapter on cyber insurance products and how they can be used to transfer some of the inherent risks to an underwriter. I didn't even know such policies existed. The author also addresses software piracy, which can be a big issue because the world wide web has many sources for pirated software (commonly called "Warez"). It goes without saying that pirated software can expose your company to legal headaches and expenses, not to mention technical headaches and lost productivity that will occur if that stolen software also comes with a virus attached.The book then shows you how to develop an e-policy that is based on your assessment results, and the issues previously discussed in the book. What is valuable here is that the author provides a list of all elements that need to be included in the policy. Moreover the next chapters provide additional material that will prove to be invaluable in preparing your company for the policy. For example, there is a "Netiquette" primer for employees, on-line writing guidelines, and advice on training your employees. The training aspect of implementing an e-policy is especially important because many employees have home computers and are experienced Internet users. They might consider themselves to be experts and may resent being "constrained" by a policy that dictates how they use the Internet at work. Educating them and getting their "buy-in" is essential, and the author provides some effective ways to get that "buy-in".I found the sample policies in the appendices to be particularly valuable to use as guidelines for drafting a clearly-worded policy that covers all key elements. The applicable laws cited in the appendices were also valuable because they indicate the many sources of legal risks (and protection) that touch an e-policy. This book provides an excellent starting point for developing an effective e-policy that can be closely tailored to your company and "sold" to your employees. Its clea