3. Policy documentation - keep it simple, or go full bureaucratic blah blah?

Policy documentation - keep it simple, or go full bureaucratic blah blah?

OP wasn't talking strictly about legally protecting company.

Correct.

I suppose this comes down to what you think the purpose of a policy is. To me, it is to communicate something. To communicate the company's policy, guidelines, what have you, about X, Y or Z. If you create some obnoxiously complex, long, unreadable document... you are failing to communicate that policy to people.

If, however, you think the purpose of a policy is to build some legal defense foundation, then I can see why you would insist it was 2 to 3 times longer than necessary and written by lawyers in legalese.

The other interesting part of the conversation that has sprung out of this is that I was not just talking about policies that might have legal implications. But that is where everyone's minds seemed to go. I was talking about IT policies in general.

A policy explaining how we expect staff to sign out travel laptops. Do we really need to a hire a lawyer to make that a 3 page document so that it can stand up in court if someone sues us?!

Another example, this data security plan I'm reviewing right now has 2 and a half pages of paragraphs waxing poetically about passwords. None of this is legally relevant, and almost none of it actually outlines this companies actual password policies. It is all just fluffy words added for reasons that are not clear to me, but I suspect it is because whoever wrote this up thought they needed to type lots of stuff in here to make it sound official.

It is all very silly, and very unnecessary.

/r/sysadmin Thread Parent
Previous
Next

Recently removed from /r/sysadmin

I know of a crazy vulnerable Exchange server at my old work. What to do? Details inside. Intune Windows LAPS - Configuration Profile Applies Successfully, Yet Nothing Happens...Why? Woman starting in IT next month. Should I be worried or not? How to run a meaningful CyberSecurity Risk Workshop/Assesment Amazon Outage I don't know what I'm doing and I need help What's the point of using BitLocker with TPM instead of password when someone can always access your computer without entering a password on boot? How many of you despise IoT? Onboarding 1200 New Users - how to communicate passwords? Gen Z also doesn't understand desktops. after decades of boomers going "Y NO WORK U MAKE IT GO" it's really, really sad to think the new generation might do the same thing to all of us Modern SQL Express Backup Solution [GA] Employee claims she can't use Microsoft Windows for "Religious Reasons" So I got a "correctional talk" yesterday. Rant about new age "senior" IT "specialists" who don't know how to wipe their butt. Do you think remote work is slowly dying? Most companies seem to be pushing RTO, even big tech you folks think ?

More Random Comments

New Poster for Ben Affleck's "Air" Public Charging Etiquette Tomahawk Land Attack Cruise Missile moments before it destroys its target. US has replaced Russia as Europe's top crude oil supplier What’s great about Utah? The forty-fifth State in the Union! OPP officer guilty of sexual assault on unconscious woman and recording it to 'teach her a lesson' I want Atlantis Engineer's Questions to Fire Chief of Reading, PA on Factory Explosion Fri 25, 2023 Never talks about rehab/residential Burst mages? non United States folks: what do you think of The Great Gatsby? TIA Portal v18 opc client error 8601 Uncharted PS5 not recognising VRR and 120 hz on LG C1 Engineer's Questions to Fire Chief of Reading, PA on Factory Explosion Fri 25, 2023 Caffè Italia * 30/03/23