Small Business Policy Writing Part 1

             At Clear Guidance, our CIOs and operations consultants spend a significant time writing company policies. From incident response to HR, every small business needs a basic set of policies to keep things running. The most frequent question we get is “what policies do I need?” followed by “what should I have in my policies?” This series will take you through a basic orientation on policies your business needs and help you get started on writing and customizing them for your needs.

Part 1: Identifying policy needs

There are two major risks that exist at all small businesses: HR and cybersecurity. The initial policy writing efforts should focus on these two areas. At CGP we recommend the following policies are in place:

• A robust HR handbook that addresses:

  • Paid time off (PTO) and sick time

  • Disciplinary processes

  • Harassment and complaint procedures

  • Confidential information handling

  • Payroll

• A network use policy that covers

  • Work from home

  • Social media use

  • Cybersecurity requirements

• Incident response plan for when (not if!) a disaster strikes

• Disaster Recovery / Business continuity, specifically outlining the time frames for recovery and acceptable data loss

• Wire transfers – requirements for sending money, or making changes to customer and vendor payment processes

When writing policies, think back to elementary school, remember the 5 Ws? Two of them are critical to policy writing:

• Who: should make decisions, be involved, be notified

• When: should something be communicated, the next step initiated

The remainder of this series will walk through writing the actual policies.