Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

How to Set IT Policies the Right Way

Your rules for running IT should derive from the people who have to live with them.
Page:

Danny was military, and he makes sure you know it. His colleagues grumble that he acts like he's the commander. Danny likes discipline and controls, especially when he's the one with his hand on those controls.

As assistant to the CIO, Danny was put in charge of policy. He was dubbed the "policy czar." Danny set about violating my Golden Rule of Organizational Design: Never separate accountability from authority. In doing so, he set himself up as a policy decision maker rather than, as he should have been, a policy facilitator.

Who Decides IT Policies?

Policies are constraints on the way we work -- a "how to" procedure or "you must" requirement. The dictionary defines policy as a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions.

A policy, once established, narrows one's choices about what to do, how to do it or which alternative to choose. Danny, as you can see from the following exchange, enjoyed his authority to prescribe choices for the rest of his organization.

During a leadership-team meeting that I attended as a consultant, I asked Danny which policies he felt he was responsible for. His answer was, "All." (I was disconcerted that he neglected to add "sir" to the end of his terse reply. I thought that was policy.)

"All?" I asked incredulously.

"All," he replied assertively.

"Even those that apply to a single line of business, like the policy on what gets connected to the network?" I queried.

"Absolutely," Danny answered. He seemed annoyed that I'd had the insolence to ask.

Undaunted, I pressed on. "How do you go about setting policies?" I inquired.

Danny described a process that was essentially this:

  1. Danny decides which policy to work on next, setting priorities from among a list of potential policies that he generates, as well as considering requests by others within the department.


  2. Danny drafts the policy, perhaps drawing on his peers as subject-matter experts.


  3. After a private briefing by Danny, the CIO approves the policy (in some cases with the input of a steering committee representing the business units).


  4. Danny enforces compliance.

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Creative, HIS Limited, Leader, Leader Computers, SIR

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Disaster Recovery Strategy Guide
    Disaster recovery articles include: 4 Steps to Help Your IT Team When Disaster Strikes; If Disaster Strikes Will Your Critical Enterprise Apps Be Ready To Get You Back in Business; Disaster Recovery on a Budget; Seven strategies for keeping disaster recovery ON TARGET; Disaster Recovery in the Cloud Yields ROI and more.
    Learn more »
  • Secure File Sharing in the Cloud: Maximizing the Benefits
    Unmanaged cloud-based services can put organizations at risk for a data breach or non-compliance. Learn about the factors you should consider for deploying an enterprise-class secure file sharing solution in the cloud—including the benefits and risks of public, private, and hybrid options.
    Learn more »
  • Enabling Agile and Intelligent Businesses
    In the last 3 to 5 years there has been widespread adoption of SOA with businesses making significant economic investments in service-enabling their IT systems. Looking to enable your business for efficient IT execution? Read this white paper now.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments

HP and IDG news, product videos and resources