Six Keys to Sound IT Management "Policy and Procedure"

What's the purpose of IT policy and procedure?  Is it to limit creative use of technology?  Is it to place administrative burdens that serve no purpose?  Is it to just be controlling?  If this is the way "policy and procedure" is viewed, the game has already been lost.  The goal of IT policy and procedure is to maximize IT value and promote the most productive usage of IT products and services.  Now you just need to convince your end-users of that.

In fact, IT management policies, and related procedures, are often used to limit and control technology utilization, lower operating costs, and limit risk exposure (financial, security, and otherwise). From this perspective, policies and procedures are a necessary, and at times, intrusive, means to an end. However, the story does not have to end there. When used effectively, "policy and procedure" can also be to achieve value added productivity and results. Value added policies and procedures can promote productivity, minimize redundant work effort, and deliver consistency in performance and results.

  • When policies are properly defined and implemented, decisions can be made with greater confidence and independence.
  • When procedures are properly defined and implemented, internal and external staff can act with greater certainty and self-reliance.
  • The key is alignment ... to create and apply sound, viable "policies and procedures" designed to match business goals and objectives.

 What are the (6) Keys of Sound Policy?

  1. Policy and procedure must be purposeful to fill defined needs and serve an actual purpose.
  2. Policy and procedure must be relevant and aligned with actual needs and matched to the intended purpose.
  3. Policy and procedure must be fully useable, actionable and capable of implementation and enforcement.
  4. Policy and procedure must be flexible for adaptation to reasonable variations and exceptions.
  5. Policy and procedure must be credible and fully justified and enforceable in a consistent manner.
  6. Policy and procedure must be developed and implemented with end-user input and buy-in.

When appropriately combined, these six (6) keys form a "roadmap" to guide development actions and as benchmark to meaure resulting success.  If any one "key" stands out, it is the need for flexibility - to respond to changing circumstances and end-user feedback.  It is possible to achieve consistent results with built-in flexibility - and that is the overall goal.

How to Deliver Sound Policy....

The first (and most important) step is to identify all the essential goals, needs and capabilities.  And here are the questions you'll have to answer.....

  • What is the current business need (i.e. problem to be solved, or improvement/advancement to be made)?
  • How can policy and/or procedure be used to meet this need?
  • How will any new policies and/or procedures be applied within the organization (i.e. to the entire organization or specific departments)?
  • What is the expected life span of any new policies and/or procedures (long term or short term)?
  • How will the current organization be impacted by the implementation of any new policies and/or procedures?
  • Will there be any negative consequences from the implementation of any new policies and/or procedures?
  • Will there be any internal or external resistance to the implementation of any new policies and/or procedures, and if so, how can this resistance be overcome or mitigated?
  • What is required production format for any new policies and/or procedures (considering paper or paperless, formal or informal)?
  • How will any new policies and/or procedures be developed (in terms of tasks, time and resources)?
  • Who will have input into the development of any new policies and/or procedures?
  • Who must approve the development and implementation of any new policies and/or procedures?
  • How will any new policies and/or procedures be introduced and communicated within the organization?
  • Who will be responsible for the implementation and maintenance of any new policies and/or procedures?
  • How will any new policies and/or procedures be evaluated for success?

Common Types of Policies and Procedures

  • Acceptable Use Policies: Setting guidelines for the implementation and usage of end-user technology, including individual computers, networks, internet, intranet, e-mail, voicemail, telecommunications and related systems and services.  (Read about email usage policies).
  • Security Policies: Setting security guidelines for individual computers and shared systems, including network access, data usage, access, retention, and confidentiality, passwords, virus protection, remote access, and physical security.  (Read about data security policies).
  • Disaster Recovery Policies: Setting guidelines for disaster recovery and business continuity practices and procedures.  (Download Disaster Recovery Plan template).
  • Technology Standards Policies: Setting guidelines for the selection and implementation of technology standards, determining the type of systems and services to be utilized within the business organization, including product selection, acquisition, installation, and disposal.  (Read about technology standards).
  • Service Related Policies: Setting guidelines for the development and delivery of IT services, including installation, support, maintenance, project management, strategic planning and training.  (Read about management standards).
  • IT Organizational Policies: Setting guidelines for the creation of the IT organization, including the IT mission, roles and responsibilities, organizational structures (decentralized vs. centralized), organizational authority, staffing structure, and service goals.
  • IT Operational Policies: Setting guidelines for the execution of internal IT operations, including systems administration, change management, systems configuration, technical design, product testing and evaluation, software development and related operational services.
Continue with an illustrated view of IT policy planning and development in our informative infographic:  Fundamentals of IT Management Policies.

The Project Committee Planner and Template Kit

The Project Committee Planner and Template Kit

The Project Committee Planner and Template Kit provides time-saving steps and customizable templates to organize, operate and evaluate all types of project committees.  Available for instant download.

About Us: We're Right Track Associates, proprietors and publishers of multiple web sites including, Fast Track Manage, HOA Board List and more. We started in 2001 and have continued to grow our web site portfolio, Toolkit products, and related data services.   To learn more, start with our home page.

Learn more about the Service Strategy Toolkit from



Are you ready to lead your I.T. department to become more valued, relevant and responsive? If so, then you need the IT Service Strategy Toolkit from! The Toolkit teaches you how to "add value" to IT projects and services -- using our time-saving "service strategy process". It's ready for instant download, filled with 400+ pages of steps, guidelines, practices and templates. Find Out More


Project Fast Tracking

What is it?

Strategic "project fast tracking" is a streamlined project management process, specifically used to overcome the most common types of project obstacles, including insufficient time, resource shortages, budgetary deficiencies and stakeholder conflicts.


Part 1: What is Strategic Fast Tracking?

Part 2: Evaluating Projects for Fast-Track-Ability

Part 3: Pinpointing Project Priorities

Learn more about the Fast Track Project Toolkit

The Fast Track Project Toolkit provides the entire "fast tracking" methodology in one complete package, filled with how-to concepts, practices and templates. Available for instant download.

Articles, Tips & Offers Right to Your Inbox

Sign up for the newsletter and be the first to know about our latest blog articles, templates, white papers, infographics, and special offers.

We won't overload your inbox and we don't share or sell subscriber information. Just enter your email address below.