IT Policies for Supervision and EHM Programs

Introduction

As a lifelong technology fanatic, IT services veteran and current Aguardion operations director (one of my duties includes setting internal IT policy), I’m very familiar with IT best practices across SMB and government entities.

In this blog, I want to explore the importance of general IT, equipment procurement, security and management policies for private and public sector probation/parole and electronic monitoring programs.

In a follow-up blog post, we will explore the importance of software procurement strategies, best practices and what considerations should be taken into account as your organization builds out its technology stack.

What are IT policies?

IT policies are simply policies concerning the use of software, services and company-issued technology. ‘No personal business on company computers during company time’ is an example of a widespread IT policy, but depending on industry, organization and technology reliance, they can become quite extensive.

Modern probation/parole and electronic monitoring programs depend heavily on technology: cloud-based case management software, payment processors, billing/accounting software and digital document management are just some of the software tools that managers, case managers and administrators utilize on a daily basis. In addition, security is paramount: many of the systems that employees will interact with in the office, at the court or in the field store significant amounts of personal and financial data that presents an attractive target to nefarious actors.

At a minimum, all but the smallest programs should consider and create:

  • Acceptable Use Policies
  • Security Policies
  • Equipment procurement policies
  • IT standard operating procedures (SOPs)

Acceptable Use Policies

Acceptable Use Policies (AUPs) are the most common and widely known IT policy: AUPs lay out what people can and can’t do with technology resources. While many organizations rely on the honor system and common sense on the part of their employees, the unique security concerns of this industry make it a good idea to at least consider a formalized AUP: many templates can be easily found on the internet to base one off of.

Security Policies

Security policies should be clearly defined and then implemented across the organization’s hardware and software by administrators. 

At a minimum, all issued equipment should have antivirus or other security software installed prior to being issued. 

End users should not have full admin access to their devices and device logins should be centrally managed if possible. 

Devices should have remote access software installed for remote management of updates, security issues and troubleshooting. 

Cloud-based applications like SCRAMnet or G Suite should have strong, organization-wide password policies in place (requiring passwords of a certain length and periodic changes) and single sign-on enabled if possible. Logins shouldn’t be shared, and email addresses should be disabled after the departure of an employee, not reused.

Passwords should be managed with a password manager.

Lastly, individuals should be banned from accessing company systems on personal devices: the security threat is just too great. 

Equipment Procurement Policies

One of the biggest mistakes organizations make is failing to evaluate equipment needs and then settling on a purchasing standard: instead, they buy equipment based on price, availability, emotion or all three. This approach leads to inefficiencies and potentially higher costs down the road.

The first step is to evaluate your needs. Do the majority of your users spend a lot of time on the road, or in the office? What do their primary job responsibilities entail? What are their connectivity and port needs? Do they have any legacy equipment they must interface with on a frequent basis (SCRAM DirectConnect, for example)? What are their communication needs?

Apple products command a price premium, lack many business-focused features, have fewer support/upgrade options and have limited compatibility with many applications. In addition, tablets (whether Windows or iOS based) also have some limitations that prevent them from being an ideal choice: limited connectivity options, no keyboard (or fragile detachable keyboards), proprietary connectors/accessories and limited processing power. 

For the vast majority of organizations, Windows-based laptop computers with Android mobile devices (if phones are company-provided) are likely the best bet from a price, support, training, compatibility and flexibility point of view.

After considering your needs, it’s time to pick a manufacturer, and ideally, a ‘model line’ of machines that you will purchase exclusively for your organization. Here at Aguardion we settled on Lenovo; specifically, the ThinkPad E Series.

The E series is Lenovo’s entry-level, business-focused (better build quality, support, security options and system restore process) ThinkPad laptop line. I settled on these machines because they are relatively inexpensive, user repairable/upgradable, well built, have excellent keyboards, offer security features like fingerprint readers, have a thorough selection of ports, and utilize a standard charging cord, USB-C, that is common to many other laptops, laptop docks, adaptors and Android phones. Lenovo support will also supply you with a system restore USB key, which is invaluable when wiping a machine between users. E-series are also widely available, so it’s easy to find them at an attractive price online or locally.

As a result of this standardization, all of our chargers, cords and adapters are intercompatible, all of my machine warranties, service requests and inventory are managed through a single manufacturer portal, and the process to wipe and restore a machine before it is issued to a new employee is well understood and painless.

These efficiencies have saved us tens of hours, inconvenience and headache over the years (standardized chargers have saved us a few times after someone left one in an airport lounge!) and allowed us to effectively implement IT best practices without adding unnecessary effort on our part. 

While Lenovo proved to be a great choice for Aguardion, it isn’t the only good option out there: Dell’s Latitude and Vostro and HP’s Essentials and Pro offer pretty good options as well. While the manufacturer’s website is a useful place to explore models, you will find much better prices on Amazon, Best Buy, Newegg or any number of online or physical retailers.

Whatever brand you go with, make sure the model line fits your organization’s needs. 

Recommended Features:

Business/prosumer class machine

Business-focused features, better build quality

Minimum 1080p resolution, IPS screen

Fewer headaches, better viewing angles, superior multitasking. Avoid 1366×768 screens like the plague. 

USB C charging

Maximum flexibility

SSD drive

The most notable upgrade from a speed, convenience and reliability point of view.

Minimum 8 GB of RAM

Less only if it is user upgradable.

Potentially Useful Features

Kensington Lock Slot

These special slots found on many laptops allow you to use a special cable to lock the machine to something else. Invaluable when you are all set up and have to run to the bathroom (and you encounter untrustworthy people on a regular basis). 

Replaceable battery

You should expect to replace business-class laptops after 4-5 years. Heavy usage will potentially degrade battery life significantly before then.

IT Standard Operating Procedures

IT SOPs simply dictate how you set up/configure new equipment, users or services and will depend largely on the equipment you issue and the tech stack you utilize.

For example, we follow this IT SOP at Aguardion:

Departing Employees:

  • Access to all business applications is revoked remotely
  • Business-critical records are backed up to the CRM, email is forwarded to the employee’s manager
  • Laptop is retrieved, backed up and factory reset (it’s also thoroughly cleaned)
  • Six months after separation, email address is permanently retired after a final backup

New Employees: 

  • User is set up on CRM, Microsoft 365 and other business applications after needs are evaluated
  • Microsoft and G Suite accounts created
  • Anti-virus license is reissued to the new laptop user
  • Laptop login is set up, utilizing Microsoft account, strong password and biometrics
  • Software installed on laptop (depending on needs evaluation): Chrome browser, Vonage VoIP, Skype, etc.
  • Remote Access software is installed
  • Equipment acknowledgement form is signed by employee
  • After training, the machine is turned over to the employee

As a software provider to programs that are rich with sensitive data, the above approach maximizes security, reduces liability and simplifies IT management/support. It also ensures each employee receives a laptop performing at its peak, which is good for morale.

IT SOPs are going to vary widely depending on the technologies an individual program utilizes, but a few best practices should be followed regardless:

Revoke Access Immediately

As soon as it is determined an employee is separating from the program, revoke access to all business and communication applications. Checklists can help with this process.

Backup

Back up everything from a former employee: you never know when something might be subpoenaed.

Don’t Reuse Logins

Issue unique logins and email addresses for all employees, and retire them when someone leaves: this is crucial to maintain accurate accountability records.

Factory Reset all Devices Between Users

There is no other way to ensure remnants of a former user’s personal data don’t linger. This also is good for morale: a freshly reinstalled machine maximizes a device’s performance and ensures the new user has the opportunity to ‘make it theirs’. 

Equipment Acknowledgment Form

These forms list the equipment, cost and serial numbers being turned over to the employee and stipulate that failure to return the equipment will result in the cost being deducted from the final paycheck.