Take the Pain out of IT Policies

Use a proactive, purpose-driven approach to write and implement policies that enable organizational success.


This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Your policies are out of date, disorganized, and complicated. They don’t reflect current regulations and don’t actually mitigate your organization’s current IT risks.
  • Your policies are difficult to understand, aren’t easy to find, or aren’t well monitored and enforced for compliance. As a result, your employees don’t care about your policies.
  • Policy issues are taking up too much of your time and distracting you from the real issues you need to address.

Our Advice

Critical Insight

A dynamic and streamlined policy approach will:

  1. Right-size policies to address the most critical IT risks.
  2. Clearly lay out a step-by-step process to complete daily tasks in compliance.
  3. Obtain policy adherence without having to be “the police.”

To accomplish this, the policy writer must engage their audience early to gather input on IT policies, increase policy awareness, and gain buy-in early in the process.

Impact and Result

  • Develop more effective IT policies. Clearly express your policy goals and objectives, standardize the approach to employee problem solving, and write policies your employees will actually read.
  • Improve risk coverage. Ensure full coverage on the risk landscape, including legal regulations, and establish a method for reporting, documenting, and communicating risks.
  • Improve employee compliance. Empathize with your employees and use policy to educate, train, and enable them instead of restricting them.

Take the Pain out of IT Policies

Start here – read the Executive Brief

Read our concise Executive Brief to find out how to write better policies that mitigate the risks you care about and get the business to follow them, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.



Assess your risk landscape and design a plan to update your policy network based on your most critical risks.


Draft and implement

Use input from key stakeholders to write clear, consistent, and concise policies that people will actually read and understand. Then publish them and start generating policy awareness.


Monitor, enforce, revise

Use your policies to create a compliance culture in your organization, set KPIs, and track policy effectiveness.

Info-Tech Academy

Get Info-Tech Certified

Train your staff and develop a world-class IT team.

New to Info-Tech Academy? Learn more here

IT Management & Policies Course

Find the right balance between risk mitigation and operational efficiency.
This course makes up part of the Strategy & Governance Certificate.

Now Playing: Executive Brief

Course information:

Title: IT Management & Policies Course
Number of Course Modules: 5
Estimated Time to Complete: 2-2.5 hours

David Yackness, Sr. Research Director, CIO Practice
James Alexander, SVP of Research and Advisory, CIO Practice

Onsite Workshop

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Establish & Assess

The Purpose

  • Identify the pain points associated with IT policies.
  • Establish the policy development process.
  • Begin formulating a plan to re-design the policy network.

Key Benefits Achieved

  • Establish the policy process.
  • Highlight key issues and pain points regarding policy.
  • Assign roles and responsibilities.



Introduce workshop.


Identify the current pain points with policy management.

  • List of issues and pain points for policy management


Establish high-level goals around policy management.

  • Set of six to ten goals for policy management


Select metrics to measure achievement of goals.

  • Baseline and target measured value


Create an IT policy working group (ITPWG).

  • Amended steering committee or ITPWG charter


Define the scope and purpose of the ITPWG.

  • Completed RACI chart
  • Documented policy development process

Module 2: Assess Your Risk Landscape & Map Policies to Risks; Create a Policy Action Plan

The Purpose

  • Identify key risks.
  • Develop an understanding of which risks are most critical.
  • Design a policy network that best mitigates those risks.

Key Benefits Achieved

  • Use a risk-driven approach to decide which policies need to be written or updated first.



Identify risks at a high level.

  • Ranked list of IT’s risk scenarios


Assess each identified risk scenario on impact and likelihood.

  • Prioritized list of IT risks (simplified risk register)


Map current and required policies to risks.


Assess policy effectiveness.


Create a policy action plan.

  • Policy action plan


Select policies to be developed during workshop.

Module 3: Develop Policies

The Purpose

Outline what key features make a policy effective and write policies that mitigate the most critical IT risks.

Key Benefits Achieved

Write policies that work and get them approved.



Define the policy audience, constraints, and in-scope and out-of-scope requirements for a policy.


Draft two to four policies

  • Drafted policies

Module 4: Create a Policy Communication and Implementation Plan and Monitor & Reassess the Portfolio

The Purpose

Build an understanding of how well the organization’s value creation activities are being supported.

Key Benefits Achieved

Identify an area or capability that requires improvement.



Review draft policies and update if necessary.

  • Final draft policies


Create a policy communication plan.

  • Policy communications plan


Select KPIs.

  • KPI tracking log


Review root-cause analysis techniques.

Search Code: 75057
Published: June 10, 2014
Last Revised: January 13, 2017