policy compliance walkthroughs

Andy ITGuy posted a picture of a login and password taped to a keyboard. Awesome! So, how does one combat this besides just waving the policy around (since I’m not gonna bet my salary that that will work)?

First, I love the idea of walkarounds. I know it sounds juvenile, but some night do a walkaround inspection of the premises, especially cubicles/workplaces. THis can be done in phases of small random samples, as well.

Second, document and fix any mistakes. That login information on the keyboard? Photograph it and remove it and destroy it. That way the next time someone needs to get on there, they have to ask someone or make a cognizant effort to recall the information. That might be all the goading they need!

Third, maybe write up people who break the rules, but that is difficult at times to get managers and HR to get behind and put some teeth into. Instead, dock teams of people (or departments) points for policy breaks and reward the teams who break the least rules. Give em an extra day off, a pizza lunch, or whathaveyou. And no, a luncheon with the CEO is NOT a reward (yes, I’ve seen that!). Make it something people want just enough to add a little social pressure to comply. And try to keep it on the positive side of conditioning.