SMALL BUSINESS POLICY WRITING PART 1

Written By Trey Hiller

At Clear Guidance, our CIOs and operations consultants spend a significant time writing company policies. From incident response to HR, every small business needs a basic set of policies to keep things running. The most frequent question we get is “What policies do I need?” followed by “What should I have in my policies?” This series will take you through a basic orientation on the policies your business needs and help you get started on writing and customizing them for your needs.

Part 1: Identifying policy needs

There are two major risks that exist for all small businesses: HR and cybersecurity. The initial policy writing efforts should focus on these two areas. At CGP, we recommendthat the following policies be in place:

  • A robust HR handbook that addresses:

    • Paid time off (PTO) and sick time

    • Disciplinary processes

    • Harassment and complaint procedures

    • Confidential information handling

    • Payroll

  • A network use policy that covers

    • Work from home

    • Social media use

    • Cybersecurity requirements

  • Incident response plan for when (not if!) a disaster strikes

  • Disaster Recovery / Business continuity, specifically outlining the time frames for recovery and acceptable data loss

  • Wire transfers – requirements for sending money, or making changes to customer and vendor payment processes

When writing policies, think back to elementary school, remember the 5 Ws? Two of them are critical to policy writing:

  • Who: should make decisions, be involved, and be notified

  • When: should something be communicated, the next step initiated

The remainder of this series will walk through writing the actual policies.

Trey Hiller
Previous

SMALL BUSINESS POLICY WRITING PART 2
Next

THE PUMP ACT