Good morning.

People are more important than policies.

All people. All policies.


@djsundog The policy contribution I'm most proud of was getting the preamble of every policy document to say "no disciplinary action will be taken against anyone who violates this policy in a good-faith effort to protect life, health, safety, or well-being"

If your policy doesn't put people first, it is bad and will fail

@Hyolobrika @djsundog not really; it’s much easier to abuse policy that’s overly-specific. It’s counterintuitive, but the more detailed your rules, the easier it is to find loopholes

The good faith qualifier means you can still discipline someone for acting in bad faith

@Hyolobrika @djsundog the people arbitrating the policy breach, just like any other matter. The good faith clause even gives an employee a path to take their claim to outside arbitration or court, which they couldn't do without that clause

Such clauses are overwhelmingly in favor of the employee, and the term has a long and established legal history

It's imperfect, like all policy, but it's much better to have it than not

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.