Church Techy
Where Tech meets Church
IT Policies
Author: Stuart20 Jun
Does your Church have formal written policies for accessing computers or hiring technical equipment?
Do you enforce them by use of security appliances, hardware, software or by restricting access via group policy (or similar)?
Or are you like the Church I attend – a total free for all when it comes to computer access and whom uses them? I admit it is one of my huge bugbears and I’ve been fighting an uphill battle with the senior leadership to get them understand the issue.
It isn’t that I want to lock the Church down or be some mafia admin character. I’m trying to help them help themselves. After all, we’re quite happy to introduce police checking for our children’s workers (which is not yet a requirement in UK law for Churches) and are very strict on that. We also vet our ushers but not to the same degree – though there was talk that as they may come into contact with children that they too need to be police vetted. So it is with some surprise that I can’t get them to understand the need.
We have documents – such as those to do with the child protection policy which really shouldn’t be accessible by anyone but those “in the know”. OK, so permissions on the server are set correctly and they aren’t easy to access but then you find out the main person behind the CPP is logging other folks in with their user id … can we all say argggh! After all, if I recall correctly, some 80% plus of any network attack is an inside job in the first place.
Then there are the notes the senior pastor might write to assist with helping keep track of what he’s doing, saying, etc …. some of these (at a guess) could be damaging if the wrong person got hold of them. Naturally his P.A. has access to most of the same documents which are frequently stored on the local PC and not the supplied securer network drive. Then I find folks happily surfing the net and doing all sorts from her PC and they continue to wonder why her PC needs frequent rebuilds or cleaning sessions.
Please tell me I’m not alone in this and that my battle to make them create, use and then enforce policies is not a futile one. For sure there will always be some who want to buck the system – even in a Church.
2 Responses for "IT Policies"
First good work on the site, love the domain name.
You hit upon my biggest single annoyance with my job at a large church in N. Texas. It is a fine balance between being “big brother” and doing the right thing. The first and biggets reason for policies is security. A careless user who leaves a system unlocked could reveal salary information, donation information, or may confidential issues. The user may not even have direct access but a clever person may be able to elevate priviledges. So at the very least password and screen saver plocies must be enforced.
We have many ways to enforce policies. We use group policy a lot. The main thing is to have written policies for users to sign, it can even be a simple document and it will be ever changing. Inconvience to the user can not be an excuse for not usng “best practices”. However making ploicies you can’t enforce is bascially useless. My main montra over the years has been, if you want a professional perfoming network you must you industry standards. As Christains we must be accountable form the way we drive to the way we are stewards with God’s resources.
One of our best succeses was with coming up with standards for the printers. We got rid of most of the personal printers and went with bigger network printers. We met much resistance but a year later not only did we add functionality we saved over 30% in cost. Adding codes kept wasted printing down and our per print cost went down.
Good luck with all of this. Sometime if you are interested I can share some scary examples of church IT gone wrong.
Thanks Barry – I really appreciate the comment and yes I agree, we do need to use and enforce best practices.
As to the domain name, I was blessed!
Leave a reply