Maintain Ethical Conduct Implementing Policies

Workplace Policies and Procedures When you start a job, your induction should explain the policies and procedures you must work under A workplace policy is a general statement of intention relating to legislation, standards or the values of the organisation A workplace procedure contains practical information and directions on how work is to be carried out to an acceptable standard You may also need to conform to code of ethics and professionalism

Adherence to Policies & Procedures As an IT professional, you need to adhere to policies, procedures and codes from: Your workplace Your profession (e.g. ACS) Federal and state governments In the areas of ethics, copyright and privacy There is a lot of new IT-related legislation Spam Act 2003 (Cwlth) Electronic Transactions Act 1999 (Cwlth) If you cannot determine what to do, it may be necessary to help create or change workplace policies and procedures

Contributing to Policies, Procedures and Codes Before you create or modify anything, what steps should you take? Consideration of legal, organisational, client and community requirements and expectations Examination of existing policies/procedures/code either internally or from industry bodies and similar organisations Preparation of a draft policies/procedures/code for review Consultation with stakeholders and integration feedback Approval and finalisation policies/procedures/code Publication of the policies/procedures/code

Contributing to Policies, Procedures and Codes You will need to consider what legislation and standards will apply to the policies, procedures and codes you are writing You also need to know what the business is doing and how it will be affected by the new policy, e.g. Do you publish materials that are created by your organisation? Do you have access or make use of materials created by others? Do you capture personal information? What do you expect of your employees? Who will be responsible for monitoring how you comply with policies? How will they do that?

Distributing Privacy Policies and Procedures Once you have completed it, how do you promulgate it throughout your business? Emails – instant “mass-mailout” Memo – more formal announcement for major changes Newsletters – regular information dissemination Presentations – to raise awareness and explain decisions and the implications Group and individual meetings – to allow two-way communications Workshops and training for the staff Websites, journals and the intranet – for on-going reference to the new policies, procedures, forms, etc.

Implementing Procedures A procedure contains practical information and directions on how an activity is to be carried out to an acceptable standard. An ethical procedure is one that is fair and equitable, is appropriate in terms of privacy and confidentiality, and complies with relevant standards and legislation Changes cause disruption You need to train employees in the procedure It may take time to phase in the procedure

Reviewing Policies, Procedures and Codes Once implemented, does it work? You need to assess this Have a set of questions. Are the answers to the questions acceptable? Example: is the workplace privacy policy OK? Is there a Privacy Policy? Is the Policy easy to find? Does it identify type of personal information collected? Does it identify how personal information is used, disclosed and to who? Does it explain how a user can access and update their personal information? Does it describe how the information is stored?

Reviewing Policies, Procedures and Codes You also need to review the procedures and practices related to the policy This may include: formal processes such as documentation of tasks, performance reviews, audits, inspections, quality control processes and staff informal channels such as team meetings and individual discussion to communicate the expectations of ethical conduct