Chat with Experta

User
How to make sure employees comply with security policies and procedures?
Experta
Here are the best practices to make employees comply with documentation:
1. Write the documents that make sense for employees - for a smaller startup company, write shorter documents with easy-to-understand language; for a larger corporation, use the format of the documents that employees are already used to.
2. Send the documents for review to several people in the company that will have to comply with these documents - by doing this, you will get valuable inputs on how to improve the documents, and once you make those changes, you will get the commitment of these people.
3. The documents must be approved by an authorized person - the more authority this person has, the more likely the people will comply with the documents.
4. Train the people on how to perform new activities or use new technology defined by new documents - to prevent wrong activities or their avoidance.
5. Make people aware of why these documents are important - to avoid negative attitudes.
6. Update the documents regularly - to prevent people from avoiding documents.

Note: Documents could be in many forms - policies, procedures, work instructions, plans, etc.

Note: At the certification audit, nonconformities are most commonly raised because the employees are not complying fully with various policies and procedures or completely disregarding some documents.

Examples:
For example, if you are writing a Training procedure in a small manufacturing company:
- Define only the most important steps - e.g., who is in charge of defining the competencies, who is in charge of approving the costs, and how the measurement of the training effectiveness is done - without specifying other details that would not be appropriate for a small company.
- Send the draft procedure to other heads of departments whose people need to be trained - e.g., Head of Production, Head of Logistics, etc.
- Ask the Plant Manager to approve the procedure.
- Train the HR administrator on creating the after-training surveys to measure the training effectiveness.
- Make all the heads of departments aware that this procedure is important to avoid gaps in knowledge and avoid unnecessary training.
- Assign the Head of the HR Department as the owner of the Training procedure, and ask her to update the document every 12 months.