03-22-2018, 05:13 PM | #1 |
Fool
1857
Rep 3,542
Posts |
Company handbooks/policies
Why are they always such utter wank?
I've been 'assigned' a task to 'read, understand and agree to' our company handbook and infosec policies. This is fine in theory, but the fucking things are written by people who clearly don't read the whole lot together, and as such there's so many contradictions it's impossible to agree to! I'll get hounded by my seniors and HR if I don't agree to it but I can't actually agree to it. According to the handbook and infosec policy:
1) All of my creations belong to the company (coffee table, CD rack, sledge etc) and must be surrendered upon leaving - guarantee they're not talking about these items but there's no distinction.
2) I'm allowed to use company email for personal usage - surprising but fair one
3) I'm allowed to use the internet for personal usage but at a minimum - fair
4) I'm not allowed to download copyrighted work (so what about that pesky browser cache?)
5) Internet usage is for business use only (erm? See point 3)
6) Personal mail and personal internet usage must be approved separately (erm? See points 2 and 3)
7) The links to further documents point to a wiki that has since been decommissioned. I am expected to have read and understand these links...
8) The password policy is incorrect, it's totally different to as described.
9) I'm prohibited from connecting personal devices to the corporate network (despite this being allowed via VPN and encouraged in my side of the business).
I know it's a box ticking exercise and I know it's all bullshit, but what's the fucking point if they can't even get the document to agree with itself?
03-22-2018, 05:46 PM | #2 | |
Banned
4280
Rep 7,703
Posts |
Quote:
I know a few people who've been had by e-mail policy and internet policy when a company wanted them out, but didn't want to make them redundant or pay notice.
03-22-2018, 06:01 PM | #3 |
General
6733
Rep 20,651
Posts |
Sounds like a poorly implemented policy.
Also it's not a box ticking exercise. Enough companies have been hit with Ransomware etc from poor info sec. Having a decent info sec awareness and training system in place, rather than tedious policies is far better for staff and security in general. I wrote pretty much all of ours from scratch, none are overly long but are shit reading material. That's why awareness training is better, you can cover real life stuff. I have a pet hate of poorly written and ineffective policies (read enough of them), if they can't create a decent policy, how can they have effective controls?
03-23-2018, 01:14 AM | #4 |
Major General
13347
Rep 7,484
Posts |
Clearly the person writing it didn't have the brain or experience. I have written national policies for HMP and clear wording is essential followed and supported by training if required.
03-23-2018, 04:38 AM | #5 |
Lieutenant General
8770
Rep 12,251
Posts |
Don't sign it. Send it back pointing out some of the contradictions and point out that it is ineffective and needs rewriting and then re-signing by every employee. HR will love you...
03-23-2018, 08:41 AM | #6 |
Captain
435
Rep 940
Posts |
It is very much a box ticking/CYA exercise. If something happens, the executives want to be able to point to the policy and blame the employees for not following it.
03-23-2018, 10:13 AM | #7 | |
General
6733
Rep 20,651
Posts |
Quote:
For example, physical security, with decent physical security in place you can prevent normal thefts, restrict access to certain areas etc. Also when properly delivered and with effective controls, a lot can be transposed to a person's private life. Also statements such as the Exec want to blame the employees, is a bit of a pointless statement, considering the various levels from Temp staff, basic employee to managers and directors before getting to Exec level. Proper systems provide protection for staff, as clear effective processes if followed make it hard to blame an individual. Unfortunately a lot of people creating systems and policies fail to realise the basics.
03-23-2018, 11:51 AM | #8 | |
Fool
1857
Rep 3,542
Posts |
Quote:
03-23-2018, 12:08 PM | #9 | |
General
6733
Rep 20,651
Posts |
Quote:
I would politely point out the policy is outdated and likely more of a liability than not having one. In March 2018 there should not be companies with outdated info sec related policies, not with GDPR 62 days away, however there will be plenty that do not have a clue.
03-23-2018, 12:15 PM | #10 | |
Fool
1857
Rep 3,542
Posts |
Quote:
03-23-2018, 01:28 PM | #11 |
Second Lieutenant
183
Rep 207
Posts |
Don't sign it if you don't agree with it. They work on the basis that most employees are too scared to challenge it or too stupid to understand what it is they are signing.
I got given a new contract 11 months ago that I still haven't signed. I put a few questions back to HR who never followed up with me, so I didn't chase. Last week I got a separate short confidentiality document to sign instead, bizarrely wrapped up in a statement that gives HR permission to give my bank details to the relevant department to pay my expenses. Since I already get paid my expenses just fine I didn't sign that one either. When I pointed out I haven't signed the contract as I haven't heard anything back from them yet there was some head scratching and ERM...oh shit we haven't done anything about that yet we'll get back to you.
03-23-2018, 02:32 PM | #12 | |
General
6733
Rep 20,651
Posts |
Quote:
A lot of companies are having to reissue agreements, documents etc as part of the new elements of GDPR. We recently went through a similar process with 3rd party authorisation. Without updated details that are in line with GDPR, things like expenses may not get paid.
03-23-2018, 04:09 PM | #13 | |
Brigadier General
2472
Rep 4,653
Posts |
Quote:
__________________
Steve Roberts UK
F82 M4 I'm running the 2024 London Marathon for the British Forces Foundation - https://www.justgiving.com/fundraising/sr5/ |
05-01-2018, 06:41 PM | #15 |
Fool
1857
Rep 3,542
Posts |
As an update to this, after going around the houses, talking to the corporate legal team and my own lawyer, I now have my own waiver written which over-rides the company handbook and will remain until removed by both parties and in writing.
It does make me wonder, if they're that willing to roll over and agree to the terms employees set out, why bother with the set terms in the first place? Surely anyone who is likely to be a pain to the company will read things properly like I did? Are they hoping that people don't read it and then agree blindly regardless of their plans? It honestly baffles me.
05-01-2018, 07:03 PM | #16 | |
Major General
4271
Rep 6,944
Posts |
Quote:
When my lawyer asked for that clause to be struck out, they agreed. It got me wondering how the hell that clause evaded the hundreds of people who had bought before me. It turned out that the vast majority had used the developer’s recommended solicitor. Perhaps something similar happened.
05-01-2018, 07:05 PM | #17 | |
Fool
1857
Rep 3,542
Posts |
Quote:
Mind you, what idiot doesn't discover the new build having a leasehold instead of a freehold... All the morons.