What's the purpose of IT policy and procedure? Is it to limit creative use of technology? Is it to place administrative burdens that serve no purpose? Is it to just be controlling? If this is the way "policy and procedure" is viewed, the game has already been lost. The goal of IT policy and procedure is to maximize IT value and promote the most productive usage of IT products and services. Now you just need to convince your end-users of that.
Embracing the Purpose of IT Management Policy and Procedure
In fact, IT management policies, and related procedures, are often used to limit and control technology utilization, lower operating costs, and limit risk exposure (financial, security, and otherwise). From this perspective, policies and procedures are a necessary, and at times, intrusive, means to an end. However, the story does not have to end there. When used effectively, "policy and procedure" can also be to achieve value added productivity and results. Value added policies and procedures can promote productivity, minimize redundant work effort, and deliver consistency in performance and results.
- When policies are properly defined and implemented, decisions can be made with greater confidence and independence.
- When procedures are properly defined and implemented, internal and external staff can act with greater certainty and self-reliance.
- The key is alignment ... to create and apply sound, viable "policies and procedures" designed to match business goals and objectives.
Policy vs. Procedure – What’s the Difference?
Policies and procedures are distinct entities, used in tandem to drive IT operations, strategies and decisions. As management terms, they are often used interchangeably, but in reality, policies and procedures are not one and the same.
Policies are specific statements of principles and strategy, providing a "what and why" basis for consistent planning and decision making. Policies can be implied (action becomes policy) or expressed (policy drives action). Implied policies may not exist in documented form, but they become part of the operational culture through repeated patterns of planning and action. Expressed policies are created through detailed planning, and are applied through formal action. In any practical work environment, implied and expressed policies will co-exist.
Procedures provide the actionable steps and activities needed to translate ideas into action. By definition, procedures are always expressed, laid out as a series of steps and activities to be executed for a specific purpose and in a specific order. Procedures support policies, but can also exist without a corresponding policy entity.
Common Types of Policies and Procedures
- Acceptable Use Policies: Setting guidelines for the implementation and usage of end-user technology, including individual computers, networks, internet, intranet, e-mail, voicemail, telecommunications and related systems and services. (Read about email usage policies).
- Security Policies: Setting security guidelines for individual computers and shared systems, including network access, data usage, access, retention, and confidentiality, passwords, virus protection, remote access, and physical security. (Read about data security policies).
- Technology Standards Policies: Setting guidelines for the selection and implementation of technology standards, determining the type of systems and services to be utilized within the business organization, including product selection, acquisition, installation, and disposal. (Read about technology standards).
- Service Related Policies: Setting guidelines for the development and delivery of IT services, including installation, support, maintenance, project management, strategic planning and training. (Read about management standards).
- IT Organizational Policies: Setting guidelines for the creation of the IT organization, including the IT mission, roles and responsibilities, organizational structures (decentralized vs. centralized), organizational authority, staffing structure, and service goals.
- IT Operational Policies: Setting guidelines for the execution of internal IT operations, including systems administration, change management, systems configuration, technical design, product testing and evaluation, software development and related operational services.
To achieve all of the above, and also provide a reasonable opportunity to lower costs, save time and enhance operational productivity. "Sound" policy and procedure provides added value – it does more than control, it contributes.
The Six (6) Keys of Sound Policy and Procedure
- Policy and procedure must be purposeful to fill defined needs and serve an actual purpose.
- Policy and procedure must be relevant and aligned with actual needs and matched to the intended purpose.
- Policy and procedure must be fully useable, actionable and capable of implementation and enforcement.
- Policy and procedure must be flexible for adaptation to reasonable variations and exceptions.
- Policy and procedure must be credible and fully justified and enforceable in a consistent manner.
- Policy and procedure must be developed and implemented with end-user input and buy-in.
When appropriately combined, these six (6) keys form a "roadmap" to guide development actions and as benchmark to meaure resulting success. If any one "key" stands out, it is the need for flexibility - to respond to changing circumstances and end-user feedback. It is possible to achieve consistent results with built-in flexibility - and that is the overall goal.
Learn to Fast Track
If you like our ITtoolkit.com articles, you'll love our easy online training courses. We teach you how to use our unique fast track management approach for projects, committees and I.T. services. Our courses are self paced, and include lessons, videos and templates! And you can start for free! Get Started Now
Delivering Sound Policy and Procedure
Policy and procedure development begins with an examination of goals, needs and capabilities. In order to realize intended results (according to the six (6) keys listed above), the following questions must be fully considered and addressed:
- What is the current business need (i.e. problem to be solved, or improvement/advancement to be made)?
- How can policy and/or procedure be used to meet this need?
- How will any new policies and/or procedures be applied within the organization (i.e. to the entire organization or specific departments)?
- What is the expected life span of any new policies and/or procedures (long term or short term)?
- How will the current organization be impacted by the implementation of any new policies and/or procedures?
- Will there be any negative consequences from the implementation of any new policies and/or procedures?
- Will there be any internal or external resistance to the implementation of any new policies and/or procedures, and if so, how can this resistance be overcome or mitigated?
- What is required production format for any new policies and/or procedures (considering paper or paperless, formal or informal)?
- How will any new policies and/or procedures be developed (in terms of tasks, time and resources)?
- Who will have input into the development of any new policies and/or procedures?
- Who must approve the development and implementation of any new policies and/or procedures?
- How will any new policies and/or procedures be introduced and communicated within the organization?
- Who will be responsible for the implementation and maintenance of any new policies and/or procedures?
- How will any new policies and/or procedures be evaluated for success?
Once you can answer the questions listed above, you will have created an informational "foundation" upon which specific policies and procedures can be built. While it will take some time and effort, a comprehensive portfolio of well planned, relevant and realistic policies and procedures will go a long way towards realizing your IT management vision and maximizing the return on all IT service investments.
THE IT SERVICE STRATEGY TOOLKIT
If you're looking for a fast, easy way to achieve IT service success, you'll find it inside the IT Service Strategy Toolkit. This unique, informative online course gives you everything you need to become an IT management leader and service planning expert. Here's what you'll learn:
The I.T. Service Strategy Toolkit is an easy, engaging online course, containing over 50+ education components, teaching you how to use the multi-stage 'Service Strategy Process' to organize the I.T. service function and deliver value-added I.T. services.
Topics covered include developing the IT mission, organizing the IT service department, planning IT management policies, managing the IT/end-user service relationship, performing the IT service review, and more.
Techniques covered include 'Define, Align and Approve', the 'Manage by Process Framework', the IT/End User Partnership, Proactive Problem Management and more.
Download the tools and templates to produce the I.T. Vision Statement and multiple Service Review deliverables.
Build and improve strategic planning skills, as you learn time-saving techniques to become a more productive IT manager or service professional.
Course enrollment provides lifetime access to all components, with all future updates and additions included.
Source: Unless noted otherwise, all content is created by and/or for ITtoolkit.com
ITtoolkit.com staff writers have experience working for some of the largest corporations, in various positions including marketing, systems engineering, help desk support, web and application development, and IT management.
ITtoolkit.com is part of Right Track Associates, proprietors and publishers of multiple web sites including ITtoolkit.com, Fast Track Manage, HOA Board List and more. We started ITtoolkit.com in 2001 and have continued to grow our web site portfolio, Toolkit products, and related data services. To learn more, visit us at Right Track Associates.