Phone: 630-495-2282 Fax: 630-495-2260 Map/Directions

Developing an effective computer policy

November 18, 2010

A company’s computer infrastructure is essential to its success, and misuse or abuse of the system puts the entire operation at risk. The essence of an effective computer policy is more than simply scripting a document to give to employees. Rather, the policy is a vital component of an overall approach to protecting the dealership’s computer infrastructure.


Once you develop a policy on acceptable computer usage, you must educate your employees on what the policy means and why adherence is important. You should devise meaningful penalties for policy breaches. And, you need to implement dealership-wide procedures to maintain and enforce computer security. 

Here are four steps to help you create your own policy:


1. Acceptable Computer Usage Policy The first step to protect your dealership’s computer infrastructure is to create an Acceptable Computer Usage Policy, which specifically instructs employees on their roles in protecting the computer infrastructure. The policy should contain all the "dos and don’ts" of safe and acceptable computing behaviors and should be reviewed and signed by every employee. 

2. Awareness Don’t just write a policy statement and pass it around for signatures. Take advantage of the opportunity to educate your employees on the potential risks and repercussions of not adhering to the policy. Most nontechnical people have no idea about the repercussions of risky behavior with computers. If employees understand why downloading files from unknown sources, for example, can open the doors to the network for a dangerous virus or worm, they will be more likely to accept the ban that is placed on such activities.


3. Penalties So you’ve created a policy, drafted a document for employees to sign, and held a training session to discuss the policy with employees. Is that enough? Hardly. Make sure employees know that the computer usage policy will be strictly enforced. The NADA’s policy is taken quite seriously; immediate termination can be the penalty for failure to adhere to the rules of computing, and there is no reprieve. If a breach occurs, you should be willing to follow through with enforcement, whether or not damage was done. Keep in mind that any penalties should be consistent. 

4. Enforce I.T. Procedures Now, take it to the next level and make sure the I.T. staff implements procedures to maintain security. An Acceptable Computer Usage policy signed by each employee doesn’t go far if your I.T. staff doesn’t go far if your I.T. staff doesn’t follow procedures to enforce it. If your policy indicates that passwords must be changed every 90 days, for instance, then the I.T. staff must enact a system to make such changes every 90 days. Your I.T. people will police your policy, secure your data, and keep your infrastructure from risk. Make your policy a living document.


This article was adapted from "A Dealer Guide to Computer Policies: Eliminating Risks," an NADA Management Guide that will be sent soon to all NADA members.