Six Keys to Sound IT Management "Policy and Procedure"

What's the purpose of IT policy and procedure?  Is it to limit creative use of technology?  Is it to place administrative burdens that serve no purpose?  Is it to just be controlling?  If this is the way "policy and procedure" is viewed, the game has already been lost.  The goal of IT policy and procedure is to maximize IT value and promote the most productive usage of IT products and services.  Now you just need to convince your end-users of that.

Policy vs. Procedure – What’s the Difference?

Policies and procedures are distinct entities, used in tandem to drive IT operations, strategies and decisions. As management terms, they are often used interchangeably, but in reality, policies and procedures are not one and the same.

Policies are specific statements of principles and strategy, providing a "what and why" basis for consistent planning and decision making. Policies can be implied (action becomes policy) or expressed (policy drives action). Implied policies may not exist in documented form, but they become part of the operational culture through repeated patterns of planning and action. Expressed policies are created through detailed planning, and are applied through formal action. In any practical work environment, implied and expressed policies will co-exist.

Procedures provide the actionable steps and activities needed to translate ideas into action. By definition, procedures are always expressed, laid out as a series of steps and activities to be executed for a specific purpose and in a specific order. Procedures support policies, but can also exist without a corresponding policy entity.

Common Types of Policies and Procedures

  • Acceptable Use Policies: Setting guidelines for the implementation and usage of end-user technology, including individual computers, networks, internet, intranet, e-mail, voicemail, telecommunications and related systems and services.  (Read about email usage policies).
  • Security Policies: Setting security guidelines for individual computers and shared systems, including network access, data usage, access, retention, and confidentiality, passwords, virus protection, remote access, and physical security.  (Read about data security policies).
  • Disaster Recovery Policies: Setting guidelines for disaster recovery and business continuity practices and procedures.  (Download Disaster Recovery Plan template).
  • Technology Standards Policies: Setting guidelines for the selection and implementation of technology standards, determining the type of systems and services to be utilized within the business organization, including product selection, acquisition, installation, and disposal.  (Read about technology standards).
  • Service Related Policies: Setting guidelines for the development and delivery of IT services, including installation, support, maintenance, project management, strategic planning and training.  (Read about management standards).
  • IT Organizational Policies: Setting guidelines for the creation of the IT organization, including the IT mission, roles and responsibilities, organizational structures (decentralized vs. centralized), organizational authority, staffing structure, and service goals.
  • IT Operational Policies: Setting guidelines for the execution of internal IT operations, including systems administration, change management, systems configuration, technical design, product testing and evaluation, software development and related operational services.

To achieve all of the above, and also provide a reasonable opportunity to lower costs, save time and enhance operational productivity.   "Sound" policy and procedure provides added value – it does more than control, it contributes.

The Six (6) Keys of Sound Policy and Procedure

  1. Policy and procedure must be purposeful to fill defined needs and serve an actual purpose.
  2. Policy and procedure must be relevant and aligned with actual needs and matched to the intended purpose.
  3. Policy and procedure must be fully useable, actionable and capable of implementation and enforcement.
  4. Policy and procedure must be flexible for adaptation to reasonable variations and exceptions.
  5. Policy and procedure must be credible and fully justified and enforceable in a consistent manner.
  6. Policy and procedure must be developed and implemented with end-user input and buy-in.

When appropriately combined, these six (6) keys form a "roadmap" to guide development actions and as benchmark to meaure resulting success.  If any one "key" stands out, it is the need for flexibility - to respond to changing circumstances and end-user feedback.  It is possible to achieve consistent results with built-in flexibility - and that is the overall goal.

Delivering Sound Policy and Procedure

Policy and procedure development begins with an examination of goals, needs and capabilities.  In order to realize intended results (according to the six (6) keys listed above), the following questions must be fully considered and addressed:

  • What is the current business need (i.e. problem to be solved, or improvement/advancement to be made)?
  • How can policy and/or procedure be used to meet this need?
  • How will any new policies and/or procedures be applied within the organization (i.e. to the entire organization or specific departments)?
  • What is the expected life span of any new policies and/or procedures (long term or short term)?
  • How will the current organization be impacted by the implementation of any new policies and/or procedures?
  • Will there be any negative consequences from the implementation of any new policies and/or procedures?
  • Will there be any internal or external resistance to the implementation of any new policies and/or procedures, and if so, how can this resistance be overcome or mitigated?
  • What is required production format for any new policies and/or procedures (considering paper or paperless, formal or informal)?
  • How will any new policies and/or procedures be developed (in terms of tasks, time and resources)?
  • Who will have input into the development of any new policies and/or procedures?
  • Who must approve the development and implementation of any new policies and/or procedures?
  • How will any new policies and/or procedures be introduced and communicated within the organization?
  • Who will be responsible for the implementation and maintenance of any new policies and/or procedures?
  • How will any new policies and/or procedures be evaluated for success?
Continue with an illustrated view of IT policy planning and development in our informative infographic:  Fundamentals of IT Management Policies.

The Project Committee Planner and Template Kit

The Project Committee Planner and Template Kit

The Project Committee Planner and Template Kit provides time-saving steps and customizable templates to organize, operate and evaluate all types of project committees.  Available for instant download.

About Us: We're Right Track Associates, proprietors and publishers of multiple web sites including, Fast Track Manage, HOA Board List and more. We started in 2001 and have continued to grow our web site portfolio, Toolkit products, and related data services.   To learn more, start with our home page.

Learn more about the Service Strategy Toolkit from



Are you ready to lead your I.T. department to become more valued, relevant and responsive? If so, then you need the IT Service Strategy Toolkit from! The Toolkit teaches you how to "add value" to IT projects and services -- using our time-saving "service strategy process". It's ready for instant download, filled with 400+ pages of steps, guidelines, practices and templates. Find Out More


Project Fast Tracking

What is it?

Strategic "project fast tracking" is a streamlined project management process, specifically used to overcome the most common types of project obstacles, including insufficient time, resource shortages, budgetary deficiencies and stakeholder conflicts.


Part 1: What is Strategic Fast Tracking?

Part 2: Evaluating Projects for Fast-Track-Ability

Part 3: Pinpointing Project Priorities

Learn more about the Fast Track Project Toolkit

The Fast Track Project Toolkit provides the entire "fast tracking" methodology in one complete package, filled with how-to concepts, practices and templates. Available for instant download.

Articles, Tips & Offers Right to Your Inbox

Sign up for the newsletter and be the first to know about our latest blog articles, templates, white papers, infographics, and special offers.

We won't overload your inbox and we don't share or sell subscriber information. Just enter your email address below.