At the company, we have weekly meetings to hear various tidbits that apply to the whole company: Nuances like filling out time sheets, travel requests, and other bits of "administrivia." At this past week's meeting, it was brought up that a "rouge" server was pulled off the network as it was not installed and configured per the "corporate polices." The offending party complained that there ARE NO policies. Certainly, on our intranet page, there is a link to the policies. But, upon clicking the link, there are no actual policies listed. Interesting.
Recently, we've had a new email and records retention policy put in place. This policy was distributed as a .pdf, but is still not linked on the intranet page of policies. I'm certainly not a lawyer, but I would think the company would want to get those polices up in a public place, pronto. It's only a matter of time before the company gets tested on them.
And for the record, I had nothing to do with the server.