The challenge
Ensure that your policies are kept up to date and that they are relevant to the current regulatory environment in which you operate. Moreover, they need to be in sync with your business context.
Policies work best when they are easy to understand and easy to find. They cannot be overly complex or they become susceptible to mis-interpretation, making monitoring and enforcing problematic.
Unstructured policies will take up too much of your time, which you should better spend on supporting the business value chains.
Our advice
Insight
Streamline your policy approach and gain:
- Policies that are right for your company structure and context
- Embed policy compliance within the daily routines, without having to overly police them.
The policy writer has to engage the target audience early:
- To gather their input
- To learn the culture of the company
- To allow the culture of the company to be reflected in the policies
- To allow the policies to enhance the culture wherever possible
Which results in better acceptance of and adherence to the new policies.
Impact and results
- You will develop better and more effective policies. Clearly state the goals and objectives of the policies. Where possible use a standardized approach and keep the barriers to entry and reading of the policies low.
- Improve your risk coverage to ensure that you manage the full risk landscape, including regulatory and legal requirements, but also how to manage your opportunities.
- Establish clear methods for reporting, documenting and communicating risks and opportunities.
- Enable your staff. Policies can be a great tool for education, training and improved awareness of the business context and its risks and opportunities.
The roadmap
Besides the small introduction, subscribers and consulting clients within this management domain have access to :
Get Started
- The Full Executive Brief (if you want access, just ask here)
- Review and Improve Your IT Policy Library – Phases 1-3 (ppt)
Assess
Assess your risks, but also your opportunities and design a plan based on risk and opportunity assessments
- Take the Pain out of IT Policies – Phase 1: Assess (ppt)
- Policy Management RACI Chart Template (xls)
- Policy Management Tool (xls)
- Policy Action Plan (doc)
Draft and implement
Use the gathered inputs and write clear documents that people will actually read. Avoid legalese and complex structures in the documents. Work regularly with the staff and stakeholders, so that you can launch your awareness campaign with head start.
- Take the Pain out of IT Policies – Phase 2: Draft and Implement (ppt)
- Policy Template (doc)
- Policy Communication Plan Template (doc)
Monitor, enforce and revise
Compliance with policies can be embedded in the culture of any company, provided they are in sync with the culture of the company. They can be either a culture-fit, or a culture-add
- Take the Pain out of IT Policies – Phase 3: Monitor, Enforce, Revise