SYSTEMS POLICY DEVELOPMENT
Rules that govern internal management and external use of the organization’s computing and communications resources have regulatory compliance, fiduciary, security, reliability, and other implications. Consequently, development of these rules are is a mission critical undertaking.
Three stimuli give rise to an organization’s need for sound information technology [IT] policies.
Regulatory Compliance. Policies in this area enable the organization to satisfy local, state, federal, and international laws that govern its operations. This is not only true for highly-regulated industries (e.g., banking, pharmaceuticals), but also everything from restaurants to appliance retailing. Policies geared towards regulatory compliance include such IT concerns as: data retention, access restrictions, and consent.
Organizational Goals. Policies geared towards desired outcomes defined by the organization come in various forms. For instance, reliability policies govern the selection of telecommunications facilities with required physical diversity, redundant IT hardware and software, hot-swap data centers, and backup and recovery. Financial goals are the basis for policies that cover a range of matters: lease vs. buy decisions; years in service; disposition of assets; etc. Operational goals on issues such as efficiency give rise to policy on training, various lines or responsibility, and documentation
Marketplace Requirements. Rarely does an organization’s IT environment operate in a channel vacuum. Customer-supplier (or supply chain) mandates can create the need for clearly-defined policies. For instance, inter-organizational policies might define required electronic communications (i.e., electronic data interchange [EDI]). Likewise, policies define acceptable use of technology, privacy, and network security.
BayLou has extensive experience in helping clients establish the necessary policy framework for their IT environment. Our methods are applicable for organizations at various levels of expertise. And we introduce our best practices in developing policies in a way that engages multi-functional stakeholders, as policies ultimately come with implications across the organization’s departmental footprint — finance, legal, personnel, logistics, IT, etc.