You can devote enormous amounts of time and talent to researching, planning, and writing your organization’s IM rules and policies, only to see your guidelines fail if you don’t devote an equal amount of attention to their implementation and enforcement. Without an ongoing commitment to comprehensive employee education, you really cannot expect your employees to comply or your IM risk management program to succeed.
Effective education begins with senior executives, managers, and supervisors. Before communicating your new IM rules and policies to employees, be sure your executive committee, managers, and supervisors are on board as IM policy advocates and enforcers.
To that end, it is essential that you conduct training for the executive and management ranks prior to employee training. Give executives and managers ample time to ask questions and express concerns that they may not be comfortable communicating in front of employees. Do not proceed with employee training until you are certain all executives, managers, and supervisors are 100 percent behind the organization’s strategic e-risk management goals, and are committed to enforcing your IM rules and policies. [5]
[5]Nancy Flynn, The ePolicy Handbook, New York, AMACOM, 2001.