| * PTO/vacation rules * Clear and simple issue escalation that handles the case where an associate has a problem with their immediate manager * A clear policy against discrimination that ties into that issue escalation and assures that facts and impressions are documented * User privacy and security controls; for instance, the rule that prevents rando associates from poking around production databases, or from logging in as arbitrary users; also, the rule that keeps the dev team from using prod data as testcase datasets * The 2FA and user laptop encryption rule. At Matasano, we had a "probationary" period for new hires during which they needed permission to remove laptops from company prem, which was concluded by a formal audit. Matasano handles almost nothing but hazmat, so think of that as one end of the spectrum. * Expectations about off-hours work, and about what kinds of things are OK if they show up in your associates Github account and what kinds of things aren't. * Whatever rule you want to create about employees representing you on their Twitter accounts. * The rule that says people need to be press-trained before talking to reporters. There are more, but by the time I got to "Twitter accounts" I was scraping the bottom of my brain for more examples. |
For this make sure that everyone understands if the vacation rolls over, how it is accrued, etc. Not just that you get 10 days per year. Roll-over, buy back, use or lose, etc.