Email Policies: Tools to Govern Usage, Access and Etiquette


We all know that email is an indispensible tool for business communication, but it's not without risk.  If misused, email has the potential to damage key business interests in multiple ways.  But, much like policies used for data security, email "policy" offers a way to minimize these varied risks and protect related interests.  Read on to learn how it works.

Start with a Review of Risks and Rewards

Email is a fast, easy and readily accessible means of business communication.  It has changed the way we communicate.  These are the obvious rewards - but they are also the basis of every risk.  Whenever email content is ill-advised, inappropriate, or even gets into the wrong hands, negative consequences can follow, including legal liability, regulatory penalties, confidentiality breaches, damage to corporate reputation, public embarrassment, internal conflicts, and all the related losses in productivity and performance that these circumstances can cause.  Further, data loss and damage to technology assets can be realized through the transmission of malicious code, spam and computer viruses.

Perform the "What-if" Analysis: What are the risks to my organization of email abuse and/or misuse, and what are the likely consequences if these risks are not properly addressed? The next step is to weigh the costs and complications of all mitigating actions, and to then strike an appropriate balance between risk and probability.

To eliminate email usage is impractical and even unthinkable - so the goal has to be to minimize the risks through the best means possible - and that is through the use of physical security precautions and practical, relevant and enforceable email policy.  To realize all of the intended goals and objectives, related policies (which will integrate closely with data security and internet usage policies) must encompass four (4) key governance needs:

  1. Email Usage:  To determine the circumstances under which email can and will be used within a given organization, whether there will be any limits and/or restrictions on the types of information that can be transmitted via email, as well as any limits and/or restrictions on the use of business email systems for personal communications.
  2. Email Oversight:  To establish that emails are official company records and to determine the manner in which email usage will be monitored and controlled, including the "ownership" of email content transmitted on business email systems.
  3. Email Etiquette:  To establish formatting, content and usage guidelines designed to minimize the risk that email content will be deemed unprofessional, offensive, inappropriate or subject to ridicule and criticism.
  4. Email Management:  To establish and implement appropriate technical controls to limit the risks of inbound email spam, virus and malicious code, and to establish automated procedures for email backup, storage and retention.

As a whole, usage, oversight, etiquette and management parameters must be combined to formulate "policy" that is aligned with business and technical needs, realistic considering actual communication needs, and enforceable considering corporate culture and related technical abilities.

Key Questions for Policy Scope and Content

To ensure that all usage, oversight, etiquette and management needs can be met, adopted email policies must be designed according to anticipated email usage, corporate culture, characteristics, business requirements, legal requirements, technical requirements and internal capabilities for enforcement.  The list below provides a head start for policy planning, listing the key questions to be considered and addressed as part of the policy development process:

  • Policy Purpose
    • What are the specific goals of this email policy?
    • Why has the policy been created (considering the background events leading to policy development)?
    • What will the policy accomplish considering email usage, access, etiquette and management goals and objectives?
  • Policy Basis
    • What is the underlying authority and/or organizational basis for this email policy (considering internal guidelines and/or external regulatory requirements)?
    • Do you have sufficient executive support to sufficiently enforce compliance with all of the policy provisions?
  • Policy Scope
    • What are the organizational targets of the policy considering company-wide applicability, division specific application, departmental application or location specific application?
  • Policy Stakeholders
    • Who are the policy stakeholders considering both individuals and groups who have a vested interest in the policy and ability to influence the outcome?
    • What are the specific roles and responsibilities required to implement, administer and enforce all policy terms, including all stated compliance obligations?
  • Email Management
    • What are the means and methods to be utilized to manage and secure all email systems considering access,  standards for email addresses, restrictions on attachment size, remote access, spam and junk mail limitations and related management controls?
  • Compliance and Enforcement Guidelines
    • What are established guidelines for email policy compliance?
    • Will there be any exceptions and/or waivers with regard to policy compliance?  If so, what are the terms under which exceptions and/or waivers will be granted?
    • How will compliance be enforced and what are the consequences for a failure to comply?
    • How will employees be provided with training relating to email policy compliance?
    • What types of auditing procedures will be used to monitor and promote email policy compliance?

Institutionalize Email Etiquette

Many of the goals and objectives of email policies can be achieved through the use of physical controls on email access, particularly limitations on inbound junk mail and spam.  On the other side, email etiquette is far more difficult to implement and enforce, but it is no less valuable towards achieving the ultimate policy goal - to maximize the value of email communication and minimize the risk.  While etiquette guidelines can become quite extensive, at a minimum, every effective email policy should incorporate the following parameters:

  1. Tone:  Email content should always be professional, courteous and respectful.  Appropriate greetings, salutations and sign-offs should always be used.  Just as shouting or abusive language is not to be tolerated in the workplace, neither should "all caps", excessive exclamation points or other indicators of anger be allowed in email communications.
  2. Quality:  Email content should reflect appropriate formality in communication, avoiding spelling errors and using proper grammar and punctuation.  Subjects should be relevant to the message contained, avoiding tacking new subjects on to other lengthy email threads.
  3. Clarity:  Email recipients should be aware of their place and role in a given message and communication thread.  A "to" is different than a "cc" (and certainly a blind cc).  Individuals who are cc'd on a message should not respond as if they were the designated recipient - this only leads to confusion and miscommunication.
  4. Concern:  Email should always be given the respect it deserves.  End-users should be encouraged to never send email communications in anger and to always protect the email addresses of others when appropriate.

Tips to Remember:  Every email policy should be implemented and enforced consistently (avoiding selective enforcement), with specified steps to monitor compliance.  It's also important to remember that if compliance should prove lacking, policy terms should be reviewed to ensure that the fault does not lie in the policy itself.  Realistic policies, that are suitably relevant to business needs and properly communicated should garner significant compliance.  In the end, policy promotion and end-user training will be essential to realize required benefits.

For more on IT policies, download our free IT Policy Templates (for policy preparation and evaluation) and see the policy related articles listed below:
Six Keys to Sound I.T. Management Policies
Planning Policies for IT Asset Management
Policy Planning for End-User Technology Standards


The Project Committee Planner and Template Kit

The Project Committee Planner and Template Kit

The Project Committee Planner and Template Kit provides time-saving steps and customizable templates to organize, operate and evaluate all types of project committees.  Available for instant download.


About Us: We're Right Track Associates, proprietors and publishers of multiple web sites including ITtoolkit.com, Fast Track Manage, HOA Board List and more. We started ITtoolkit.com in 2001 and have continued to grow our web site portfolio, Toolkit products, and related data services.   To learn more, start with our home page.

Learn more about the Service Strategy Toolkit from ITtoolkit.com

IT'S TIME FOR THE I.T. SERVICE STRATEGY TOOLKIT

From ITtoolkit.com!

Are you ready to lead your I.T. department to become more valued, relevant and responsive? If so, then you need the IT Service Strategy Toolkit from ITtoolkit.com! The Toolkit teaches you how to "add value" to IT projects and services -- using our time-saving "service strategy process". It's ready for instant download, filled with 400+ pages of steps, guidelines, practices and templates. Find Out More

FEATURED MANAGEMENT TOPIC:

Project Fast Tracking

What is it?

Strategic "project fast tracking" is a streamlined project management process, specifically used to overcome the most common types of project obstacles, including insufficient time, resource shortages, budgetary deficiencies and stakeholder conflicts.

Articles:

Part 1: What is Strategic Fast Tracking?

Part 2: Evaluating Projects for Fast-Track-Ability

Part 3: Pinpointing Project Priorities

Learn more about the Fast Track Project Toolkit

The Fast Track Project Toolkit provides the entire "fast tracking" methodology in one complete package, filled with how-to concepts, practices and templates. Available for instant download.


Articles, Tips & Offers Right to Your Inbox

Sign up for the ITtoolkit.com newsletter and be the first to know about our latest blog articles, templates, white papers, infographics, and special offers.

We won't overload your inbox and we don't share or sell subscriber information. Just enter your email address below.