A dynamic and streamlined policy approach will:
To accomplish this, the policy writer must engage their audience early to gather input on IT policies, increase policy awareness, and gain buy-in early in the process.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess your risk landscape and design a plan to update your policy network based on your most critical risks.
Use input from key stakeholders to write clear, consistent, and concise policies that people will actually read and understand. Then publish them and start generating policy awareness.
Use your policies to create a compliance culture in your organization, set KPIs, and track policy effectiveness.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify the pain points associated with IT policies.
Establish the policy development process.
Begin formulating a plan to re-design the policy network.
Establish the policy process.
Highlight key issues and pain points regarding policy.
Assign roles and responsibilities.
1.1 Introduce workshop.
1.2 Identify the current pain points with policy management.
1.3 Establish high-level goals around policy management.
1.4 Select metrics to measure achievement of goals.
1.5 Create an IT policy working group (ITPWG).
1.6 Define the scope and purpose of the ITPWG.
List of issues and pain points for policy management
Set of six to ten goals for policy management
Baseline and target measured value
Amended steering committee or ITPWG charter
Completed RACI chart
Documented policy development process
Identify key risks.
Develop an understanding of which risks are most critical.
Design a policy network that best mitigates those risks.
Use a risk-driven approach to decide which policies need to be written or updated first.
2.1 Identify risks at a high level.
2.2 Assess each identified risk scenario on impact and likelihood.
2.3 Map current and required policies to risks.
2.4 Assess policy effectiveness.
2.5 Create a policy action plan.
2.6 Select policies to be developed during workshop.
Ranked list of IT’s risk scenarios
Prioritized list of IT risks (simplified risk register)
Policy action plan
Outline what key features make a policy effective and write policies that mitigate the most critical IT risks.
Write policies that work and get them approved.
3.1 Define the policy audience, constraints, and in-scope and out-of-scope requirements for a policy.
3.2 Draft two to four policies
Drafted policies
Build an understanding of how well the organization’s value creation activities are being supported.
Identify an area or capability that requires improvement.
4.1 Review draft policies and update if necessary.
4.2 Create a policy communication plan.
4.3 Select KPIs.
4.4 Review root-cause analysis techniques.
Final draft policies
Policy communications plan
KPI tracking log