Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

How to Set IT Policies the Right Way

Your rules for running IT should derive from the people who have to live with them.
Page:

Danny was military, and he makes sure you know it. His colleagues grumble that he acts like he's the commander. Danny likes discipline and controls, especially when he's the one with his hand on those controls.

As assistant to the CIO, Danny was put in charge of policy. He was dubbed the "policy czar." Danny set about violating my Golden Rule of Organizational Design: Never separate accountability from authority. In doing so, he set himself up as a policy decision maker rather than, as he should have been, a policy facilitator.

Who Decides IT Policies?

Policies are constraints on the way we work -- a "how to" procedure or "you must" requirement. The dictionary defines policy as a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions.

A policy, once established, narrows one's choices about what to do, how to do it or which alternative to choose. Danny, as you can see from the following exchange, enjoyed his authority to prescribe choices for the rest of his organization.

During a leadership-team meeting that I attended as a consultant, I asked Danny which policies he felt he was responsible for. His answer was, "All." (I was disconcerted that he neglected to add "sir" to the end of his terse reply. I thought that was policy.)

"All?" I asked incredulously.

"All," he replied assertively.

"Even those that apply to a single line of business, like the policy on what gets connected to the network?" I queried.

"Absolutely," Danny answered. He seemed annoyed that I'd had the insolence to ask.

Undaunted, I pressed on. "How do you go about setting policies?" I inquired.

Danny described a process that was essentially this:

  1. Danny decides which policy to work on next, setting priorities from among a list of potential policies that he generates, as well as considering requests by others within the department.


  2. Danny drafts the policy, perhaps drawing on his peers as subject-matter experts.


  3. After a private briefing by Danny, the CIO approves the policy (in some cases with the input of a steering committee representing the business units).


  4. Danny enforces compliance.

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Creative, HIS Limited, Leader, Leader Computers, SIR

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Server and Storage Optimization Techniques
    By meeting the requirements to deploy new applications and support a larger number of internal and external customers, IT organizations are facing a space, power, and cooling crunch. Read on.
    Learn more »
  • Closing the print security gap - The market landscape for print security
    Today, many organisations continue to rely on printing to support business processes, particularly in the public sector, finance industry and legal profession. Whilst MFPs and printers have improved business productivity, they pose the same security risk as any networked device if left unprotected. With reported data breaches on the rise and growing industry and regulatory requirements around information security, businesses may suffer financial and reputational damage if they ignore the risks of unsecured printing. Read more.
    Learn more »
  • Print security and the mobile workforce
    Where, when, and how we work is changing. Whether your employees are working on the road without a dedicated workstation or from a home office, they need a safe way to print. Driving this shift is the accelerating adoption of smartphones, tablets, and other mobile devices. But even with these devices, printing remains a key business function for virtually all employees, and many may already be using them to print. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments