The E-Policy Handbook: Designing and Implementing Effective E-Mail, Internet, and Software Policies

It starts out with a well developed approach to assessing your current situation with respect to Internet and software usage, and provides a handy list of questions to aid in this task. The key objective is to discover your company's exposures and what abuse of systems or services [if any] need to be immediately addressed by the policy.

In order to fully understand the results of your assessment and how they relate to risks and exposures, the author provides fundamentals of "cyberlaw" and general security concerns that will indicate, roughly, the degree of risk your company faces. These are important considerations for tailoring an e-policy to which your employees can relate. I liked the chapter on cyber insurance products and how they can be used to transfer some of the inherent risks to an underwriter. I didn't even know such policies existed. The author also addresses software piracy, which can be a big issue because the world wide web has many sources for pirated software (commonly called "Warez"). It goes without saying that pirated software can expose your company to legal headaches and expenses, not to mention technical headaches and lost productivity that will occur if that stolen software also comes with a virus attached.

The book then shows you how to develop an e-policy that is based on your assessment results, and the issues previously discussed in the book. What is valuable here is that the author provides a list of all elements that need to be included in the policy. Moreover the next chapters provide additional material that will prove to be invaluable in preparing your company for the policy. For example, there is a "Netiquette" primer for employees, on-line writing guidelines, and advice on training your employees. The training aspect of implementing an e-policy is especially important because many employees have home computers and are experienced Internet users. They might consider themselves to be experts and may resent being "constrained" by a policy that dictates how they use the Internet at work. Educating them and getting their "buy-in" is essential, and the author provides some effective ways to get that "buy-in".

I found the sample policies in the appendices to be particularly valuable to use as guidelines for drafting a clearly-worded policy that covers all key elements. The applicable laws cited in the appendices were also valuable because they indicate the many sources of legal risks (and protection) that touch an e-policy.

This book provides an excellent starting point for developing an effective e-policy that can be closely tailored to your company and "sold" to your employees. Its clear writing, completeness and sensible advice earn it 5 stars. I will offer one caveat: any e-policy developed based on this book or any other should not be issued until it has been carefully reviewed by legal counsel. I am not an attorney (I am a computer consultant by profession), however, I do know that such a policy touches so many aspects of privacy and employment law that you may put your company at greater risk by implementing a policy that has not been reviewed by qualified legal counsel than by having no policy at all.

Rating:
Summary: Cuts down on time to produce an effective e-policy
Review: This book covers all of the key points and provides some excellent topics to include in a corporate e-policy. The goal of this book is to aid you in developing a policy that will provide clear, enforceable guidelines to your employees in the acceptable use of the Internet and electronic mail, and to protect your company's image.

It starts out with a well developed approach to assessing your current situation with respect to Internet and software usage, and provides a handy list of questions to aid in this task. The key objective is to discover your company's exposures and what abuse of systems or services [if any] need to be immediately addressed by the policy.

In order to fully understand the results of your assessment and how they relate to risks and exposures, the author provides fundamentals of "cyberlaw" and general security concerns that will indicate, roughly, the degree of risk your company faces. These are important considerations for tailoring an e-policy to which your employees can relate. I liked the chapter on cyber insurance products and how they can be used to transfer some of the inherent risks to an underwriter. I didn't even know such policies existed. The author also addresses software piracy, which can be a big issue because the world wide web has many sources for pirated software (commonly called "Warez"). It goes without saying that pirated software can expose your company to legal headaches and expenses, not to mention technical headaches and lost productivity that will occur if that stolen software also comes with a virus attached.

The book then shows you how to develop an e-policy that is based on your assessment results, and the issues previously discussed in the book. What is valuable here is that the author provides a list of all elements that need to be included in the policy. Moreover the next chapters provide additional material that will prove to be invaluable in preparing your company for the policy. For example, there is a "Netiquette" primer for employees, on-line writing guidelines, and advice on training your employees. The training aspect of implementing an e-policy is especially important because many employees have home computers and are experienced Internet users. They might consider themselves to be experts and may resent being "constrained" by a policy that dictates how they use the Internet at work. Educating them and getting their "buy-in" is essential, and the author provides some effective ways to get that "buy-in".

I found the sample policies in the appendices to be particularly valuable to use as guidelines for drafting a clearly-worded policy that covers all key elements. The applicable laws cited in the appendices were also valuable because they indicate the many sources of legal risks (and protection) that touch an e-policy.

This book provides an excellent starting point for developing an effective e-policy that can be closely tailored to your company and "sold" to your employees. Its clear writing, completeness and sensible advice earn it 5 stars. I will offer one caveat: any e-policy developed based on this book or any other should not be issued until it has been carefully reviewed by legal counsel. I am not an attorney (I am a computer consultant by profession), however, I do know that such a policy touches so many aspects of privacy and employment law that you may put your company at greater risk by implementing a policy that has not been reviewed by qualified legal counsel than by having no policy at all.

Rating:
Summary: From workplace piracy to e-theft insurance
Review: This key to designing and implementing email and software policies in a company structure provides business owners and managers with important information on how to produce clear policies which regulate computer use. From workplace piracy to e-theft insurance, Nancy Flynn's The ePolicy Handbook covers a wide range of topics and concerns.