What's the purpose of IT policy and procedure? Is it to limit creative use of technology? Is it to place administrative burdens that serve no purpose? Is it to just be controlling? If this is the way "policy and procedure" is viewed, the game has already been lost. The goal of IT policy and procedure is to maximize IT value and promote the most productive usage of IT products and services. Now you just need to convince your end-users of that.
Embracing the Purpose of IT Management Policy and Procedure
In fact, IT management policies, and related procedures, are often used to limit and control technology utilization, lower operating costs, and limit risk exposure (financial, security, and otherwise). From this perspective, policies and procedures are a necessary, and at times, intrusive, means to an end. However, the story does not have to end there. When used effectively, "policy and procedure" can also be to achieve value added productivity and results. Value added policies and procedures can promote productivity, minimize redundant work effort, and deliver consistency in performance and results.
- When policies are properly defined and implemented, decisions can be made with greater confidence and independence.
- When procedures are properly defined and implemented, internal and external staff can act with greater certainty and self-reliance.
- The key is alignment ... to create and apply sound, viable "policies and procedures" designed to match business goals and objectives.
Policy vs. Procedure – What’s the Difference?
Policies and procedures are distinct entities, used in tandem to drive IT operations, strategies and decisions. As management terms, they are often used interchangeably, but in reality, policies and procedures are not one and the same.
Policies are specific statements of principles and strategy, providing a "what and why" basis for consistent planning and decision making. Policies can be implied (action becomes policy) or expressed (policy drives action). Implied policies may not exist in documented form, but they become part of the operational culture through repeated patterns of planning and action. Expressed policies are created through detailed planning, and are applied through formal action. In any practical work environment, implied and expressed policies will co-exist.
Procedures provide the actionable steps and activities needed to translate ideas into action. By definition, procedures are always expressed, laid out as a series of steps and activities to be executed for a specific purpose and in a specific order. Procedures support policies, but can also exist without a corresponding policy entity.
Common Types of Policies and Procedures
- Acceptable Use Policies: Setting guidelines for the implementation and usage of end-user technology, including individual computers, networks, internet, intranet, e-mail, voicemail, telecommunications and related systems and services. (Read about email usage policies).
- Security Policies: Setting security guidelines for individual computers and shared systems, including network access, data usage, access, retention, and confidentiality, passwords, virus protection, remote access, and physical security. (Read about data security policies).
- Technology Standards Policies: Setting guidelines for the selection and implementation of technology standards, determining the type of systems and services to be utilized within the business organization, including product selection, acquisition, installation, and disposal. (Read about technology standards).
- Service Related Policies: Setting guidelines for the development and delivery of IT services, including installation, support, maintenance, project management, strategic planning and training. (Read about management standards).
- IT Organizational Policies: Setting guidelines for the creation of the IT organization, including the IT mission, roles and responsibilities, organizational structures (decentralized vs. centralized), organizational authority, staffing structure, and service goals.
- IT Operational Policies: Setting guidelines for the execution of internal IT operations, including systems administration, change management, systems configuration, technical design, product testing and evaluation, software development and related operational services.
To achieve all of the above, and also provide a reasonable opportunity to lower costs, save time and enhance operational productivity. "Sound" policy and procedure provides added value – it does more than control, it contributes.
The Six (6) Keys of Sound Policy and Procedure
- Policy and procedure must be purposeful to fill defined needs and serve an actual purpose.
- Policy and procedure must be relevant and aligned with actual needs and matched to the intended purpose.
- Policy and procedure must be fully useable, actionable and capable of implementation and enforcement.
- Policy and procedure must be flexible for adaptation to reasonable variations and exceptions.
- Policy and procedure must be credible and fully justified and enforceable in a consistent manner.
- Policy and procedure must be developed and implemented with end-user input and buy-in.
When appropriately combined, these six (6) keys form a "roadmap" to guide development actions and as benchmark to meaure resulting success. If any one "key" stands out, it is the need for flexibility - to respond to changing circumstances and end-user feedback. It is possible to achieve consistent results with built-in flexibility - and that is the overall goal.
Even under the best of circumstances, management is a challenge. When you learn to fast track, you’ll learn to work smarter, not harder. And that’s the value of every lesson, resource and template available at Fast Track Manage Learning. We teach you how to fast track your way to successful projects, committees and more. Learn More
Delivering Sound Policy and Procedure
Policy and procedure development begins with an examination of goals, needs and capabilities. In order to realize intended results (according to the six (6) keys listed above), the following questions must be fully considered and addressed:
- What is the current business need (i.e. problem to be solved, or improvement/advancement to be made)?
- How can policy and/or procedure be used to meet this need?
- How will any new policies and/or procedures be applied within the organization (i.e. to the entire organization or specific departments)?
- What is the expected life span of any new policies and/or procedures (long term or short term)?
- How will the current organization be impacted by the implementation of any new policies and/or procedures?
- Will there be any negative consequences from the implementation of any new policies and/or procedures?
- Will there be any internal or external resistance to the implementation of any new policies and/or procedures, and if so, how can this resistance be overcome or mitigated?
- What is required production format for any new policies and/or procedures (considering paper or paperless, formal or informal)?
- How will any new policies and/or procedures be developed (in terms of tasks, time and resources)?
- Who will have input into the development of any new policies and/or procedures?
- Who must approve the development and implementation of any new policies and/or procedures?
- How will any new policies and/or procedures be introduced and communicated within the organization?
- Who will be responsible for the implementation and maintenance of any new policies and/or procedures?
- How will any new policies and/or procedures be evaluated for success?
Once you can answer the questions listed above, you will have created an informational "foundation" upon which specific policies and procedures can be built. While it will take some time and effort, a comprehensive portfolio of well planned, relevant and realistic policies and procedures will go a long way towards realizing your IT management vision and maximizing the return on all IT service investments.
Source: Unless noted otherwise, all content is created by and for ITtoolkit.com
ITtoolkit.com staff writers have experience working for some of the largest corporations, in various positions including marketing, systems engineering, help desk support, web and application development, and IT management.
ITtoolkit.com is part of Right Track Associates, proprietors and publishers of multiple web sites including ITtoolkit.com, Fast Track Manage, HOA Board List and more. We started ITtoolkit.com in 2001 and have continued to grow our web site portfolio, Toolkit products, and related data services. To learn more, visit us at Right Track Associates.