IT Policy and Procedure Development Basics

Management faces a real challenge in how to establish sustainable Information Technology (IT) policies, procedures and controls that consistently achieve targeted business results. Organizations have the opportunity to achieve substantial benefits in enhancing customer satisfaction concurrently with increasing productivity by taking a customer focused, value driven approach to policy and procedure development and implementation.

The following items represent some of the benefits and goals that would be realized by a company implementing a set of IT policies and procedures.

Enhanced Security:  Policies and Procedures governing changes to logical and physical security access that define request, review, and approvals, enhance security by creating an audit trail. This will ensure only approved access changes are implemented.

Improved Communication: Establish and document a clear, consistent Policies and Procedures and you will minimize the frustration end users feel when something goes wrong.

Managed Expectations: Policies and Procedures give employees security in what to expect. End users know roughly how long it takes to fix or replace a hard drive, how long it takes to order a new monitor, make a change to the website and what the approval process is for each request. They also know what activities are permitted and which ones are not. They know what software is supported, what software is tolerated but not supported, and what software is strictly forbidden.  

Establish Measurable Goals: Policies and Procedures enable managers to establish benchmarks they can use to measure performance. This is typically referred to as the Service Level Agreement (SLA) and be both internal and external.

Legal Protection: If the worst happens and an employee or guest uses your computing resources to break the law or harass someone, a signed Acceptable Use Policy (AUP) can help minimize exposure and liability.

Acceptable Use:  IT Policies and Procedures should include a fully developed and implemented Acceptable Use Policy (AUP). The AUP would state what activities are allowed and what activities are not allowed. It would state which software applications are approved or not approved.  

Other areas that should be addressed by a comprehensive set of IT Policies and Procedures would include:

• Establishing a central point of contact for user interaction
• Setting minimum required information standards for error or trouble reporting.
• Establishing proper resource utilization levels
• Creating standard Problem Escalation guidelines.
• Creating priority levels to guide impact levels and response efforts.

IT Policies and Procedures should not be static, unalterable documents. They should reflect an evolving, ongoing conversation between managers, IT staff, end users, clients, and business requirements.

A complete set of IT Policies and Procedures create an environment of trust and set proper expectations with both management and end users.