Employee Handbook

Company Background & Operating Environment
Red Clay Renovations is an internationally recognized, awarding winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in updating homes using “smart home” and “Internet of Things” technologies while maintaining period correct architectural characteristics. Please refer to the company profile for additional background information and information about the company’s operating environment.
Policy Issue & Plan of Action
The company has grown substantially over the past few years. The current Employee Handbook was created from a set of templates purchased from a business services firm. The policies in the handbook were reviewed by the company’s attorney at the time of purchase. The attorney raised no objections at that time. During a recent legal review, the company’s corporate counsel advised that the company update the Employee Handbook to better address its current operating environment. The Chief Executive Officer has tasked the Chief of Staff to oversee the handbook updates including obtaining all necessary approvals from the Corporate Governance Board.
The Chief of Staff met with the full IT Governance Board to discuss the required policy updates. (The IT Governance Board is responsible for providing oversight for all IT matters within the company). The outcome of that meeting was an agreement that the CISO and CISO staff will update and/or create IT related policies for the employee handbook. These policies include:
• Acceptable Use Policy for Information Technology
• Bring Your Own Device Policy
• Digital Media Sanitization, Reuse, & Destruction Policy

Your Task Assignment
As a staff member supporting the CISO, you have been asked to research what the three policies should contain and then prepare an “approval draft” for each one. No single policy should exceed two typed pages in length so you will need to be concise in your writing and only include the most important elements for each policy.
The policies are to be written for EMPLOYEES and must explain employee obligations and responsibilities. Each policy must also include the penalties for violations of the policy and identify who is responsible for compliance enforcement.
Your “approval drafts” will be submitted to the IT Governance Board for discussion and vetting. If the board accepts your policies, they will then be reviewed and critiqued by all department heads and executives before being finalized by the Chief of Staff’s office. The policies will also be subjected to a thorough legal review by the company’s attorneys. Upon final approval by the Corporate Governance Board, the policies will be adopted and placed into the Employee Handbook.
Research:

1. Review the sample policies and procedures
2. Find additional sources which provide information about the policy statements which should be covered in three policies for the Employee Handbook.
   Write:
3. Prepare briefing package with approval drafts of the three IT related policies for the Employee Handbook. Your briefing package must contain the following:
   • Executive Summary
   The Executive Summary should provide an excellent summary of the policy package’s purpose and contents. Information about the case study company should be well integrated into the summary. Each policy should be individually introduced and clearly explained. The material should be well organized and easy to read.
   • “Approval Drafts” for
   o Acceptable Use Policy for Information Technology
   The Acceptable Use Policy should contain an excellent introduction which addresses five or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and address the reasons why employees must comply with this policy. Compliance requirements should be addressed and contact information provided for questions about the policy. The policy should be well organized (including five or more section headings for topics) and easy to understand. The policy should address 15 or more employee responsibilities (15 or more separate policy statements) including all topics listed in the assignment.
   o Bring Your Own Device Policy
   The BYOD Policy should contain an excellent introduction which addresses three or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and address the reasons why employees must comply with this policy. Compliance requirements should be addressed and contact information provided for questions about the policy. The policy should be well organized (including three or more section headings for topics) and easy to understand. The policy should address 10 or more employee responsibilities (10 or more separate policy statements) including all topics listed in the assignment.
   o Digital Media Sanitization, Reuse, & Destruction Policy
   The media sanitization, reuse, and destruction policy should contain an excellent introduction which addresses five or more specific characteristics of the company’s business and/or legal & regulatory environments which impose requirements for this policy. Compliance requirements should be addressed and contact information provided for questions about the policy. The policy should be well organized (including three or more section headings for topics) and easy to understand. The policy should address all three functions (sanitization, reuse, and destruction) and include nine or more separate policy statements.
   As you write your policies, make sure that you address security issues using standard cybersecurity terminology (e.g. 5 Pillars of IA, 5 Pillars of Information Security).
4. Use a professional format for your policy documents and briefing package. A recommended format is provided in the assignment template file (see the recommended template).
5. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
6. Common phrases do not require citations. If there is doubt as to whether or not information requires attribution, provide a footnote with publication information or use APA format citations and references.
7. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

Sample Solution