- Carole Fennelly, Owner, cFennelly Consulting
- Marko Diepold, IT Audit Manager, audit2advise
- Martin Andenmatten, Founder & Managing Director, Glenfis AG
- Myles F. Suer, CIO Chat Facilitator, CIO.com/Dell Boomi
- Peter Sheingold, Portfolio Manager, Cybersecurity, Homeland Security Center, The MITRE Corporation
- Robert D. Austin, Professor, Ivey Business School
- Ron Jones, Director of IT Infrastructure and Service Management, DATA Communications
- Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations, University of Chicago
- Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant, Point B
- Tony J. Read, Senior Program/Project Lead & Interim IT Executive, Read & Associates
- Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
- Standard operating procedures are less effective without a policy to provide a clear mandate and direction.
- Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
- Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.
- Document what you need to document and forget the rest. Always check to see if you can use a previously approved policy before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.
Impact and Result
- Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
- Create effective policies that are reasonable, measurable, auditable, and enforceable.
- Create and document procedures to support policy changes.
This guided implementation is a five call advisory process.
Guided Implementation #1 - Identify policy and procedure gaps
Call #1 - Assess current policies, operational challenges, and gaps.
Call #2 - Mitigate significant risks.
Guided Implementation #2 - Create and review policies
Call #1 - Modify and review policy templates with an Info-Tech analyst.
Guided Implementation #3 - Create and review procedures