6 Tips for Creating a Unified Communications Policy (IT Toolbox Blogs)



Today’s unified communications (UC) solutions are available in many forms and can be comprehensive and integrated across corporations, with many cross-functional business processes. In smaller companies, they can be simple, without any integration with anything. This article explores the elements of and policies that may apply to UC, offers a couple of examples, and explains the exposure if your firm has no formal UC policy. Finally, it offers six tips for creating a policy for your firm.

What Are the Elements of UC?

Although definitions have dominated discussions of UC and UC as a Service for years, I consider all the following elements for this policy discussions:

 

  • Voice, including voice over IP

 


 


 


 


 


 


 


 


 

  • Desktop, soft phones, and mobile phones

 

  • Voice-related applications

 


 

The Challenges of Implementing a UC Policy

Some vendors that offer fully integrated vertical solutions include policy management as part of their integration, but more often, small and medium-sized businesses select only a handful of elements from the above list and don’t have central IT resources to enforce policies. The type of business drives the level of policy required, so let’s look at the risks of not having a policy.

 








Policy

No Policy

Results

Manage compliance

Limited or no compliance

Legal and security issues can arise with no policies, including loss of business.

Eliminate shadow IT

With no policy, Slack and similar UC apps can penetrate networks, leaving security gaps and leakage of private data.

Legal and security issues are exposed without proper governance; potential public relations issues can arise.

Human resources (HR) policy

No HR involvement potentially exposes many personnel issues.

Leave the corporation exposed with respect to compliance and security; state and federal wage compliance problems can arise.

Guidelines in company manual

Little in the way of formality leaves gaps.

Potential law suits and attacks such as distributed denial-of-service attacks, spoofing, and SPAM management.

 

Examples of Who Does Have a UC Policy

Two companies that have existing UC policies are Cisco and Verizon. Both policies are comprehensive and require resources to create and maintain. Both companies have many employees, many contractors on some occasions, and many customers; they must have comprehensive policies to protect themselves from exposing protected data, trade secrets, and damaging reputations.

They go one step further to integrate applications, prevent external exploits, and implement regional policies. For example, some countries have stricter compliance laws than others, as do some states within the United States. 

Government branches must have UC policies to protect interdepartmental and customer communications, especially in this age of collaboration. Business risks must be mitigated while the organizations strive to increase productivity. Finally, desktop phones, mobile phones, and related voice app policies must be considered as companies enhance those tools.

Create a UC Policy

This article points out several items your business should consider. As you review them, consider aspects of your firm’s business processes and compliance needs while creating a UC policy (if one doesn’t already exist). Here are my top six tips for creating your UC policy:

 

• Review your corporate HR and operations manuals (and others, if they exist).

 

  • Review existing policies for the corporation for aligning business processes related to information sharing both inside and outside the firm.

• Ensure that there are references and a specific section for a UC policy, and describe what can and cannot be done in your firm for:

 


 


 


 

  • Communicating outside the firm with anyone;

 


 


• Publish your firm’s UC policy.

• Add the UC policy to the company manual.

• Hold internal training sessions.

• Execute: Hold everyone accountable—no exceptions.

Summary

This article is intended to help entrepreneurs and managers, CEOs and chief security officers, small business owners, executives, and everyone involved in business communications at every company. Failure to maintain a UC policy is a huge exposure that could generate fines, loss of competitive position, loss of revenue, increased costs, and impaired security.

Are you prepared?

 

About the Author

Bill

Bill Miller is VP of marketing for Fiber Mountain. He also consults for companies at the VP level. Formerly VP of operations at FreedomVoice, a cloud-based PBX company, Bill brings more than 25 years of voice, data, and security networking experience to his work. A frequent speaker at IT Expo on VoIP, he co-created Asterisk World in 2007. He is an analyst for Studio B.

Source: SANS ISC SecNewsFeed @ February 17, 2017 at 03:09PM

0
Share