Contributors
- Kevin Vigil, IT Director, Southwest Care Center
- Kathleen Coyle, IT Policy and Process Maturity Manager, Moog Inc.
- Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission
- Edward Kizer, Policy and Procedure Officer, Shelby County Government, Tennessee
- J.J. Campbell, CIO, Agriculture Financial Services Corporation
- Philippe Delisle, CIO, Englobe
- Alison Robinson, CIO, University of Maryland
- Mike Hughes, Principal Director, Haines-Watts UK
- Ilir Azizi, Manager, Ministry of the Attorney General, Ontario
- One anonymous Senior IT Policy Analyst, Government Agency
Your Challenge
- Your policies are out of date, disorganized, and complicated. They don’t reflect current regulations and don’t actually mitigate your organization’s current IT risks.
- Your policies are difficult to understand, aren’t easy to find, or aren’t well monitored and enforced for compliance. As a result, your employees don’t care about your policies.
- Policy issues are taking up too much of your time and distracting you from the real issues you need to address.
Our Advice
Critical Insight
A dynamic and streamlined policy approach will:
- Right-size policies to address the most critical IT risks.
- Clearly lay out a step-by-step process to complete daily tasks in compliance.
- Obtain policy adherence without having to be “the police.”
To accomplish this, the policy writer must engage their audience early to gather input on IT policies, increase policy awareness, and gain buy-in early in the process.
Impact and Result
- Develop more effective IT policies. Clearly express your policy goals and objectives, standardize the approach to employee problem solving, and write policies your employees will actually read.
- Improve risk coverage. Ensure full coverage on the risk landscape, including legal regulations, and establish a method for reporting, documenting, and communicating risks.
- Improve employee compliance. Empathize with your employees and use policy to educate, train, and enable them instead of restricting them.
Guided Implementations
This guided implementation is a nine call advisory process.
Guided Implementation #1 - Assess
Call #1 - Scope your policy development plan.
Call #2 - Discuss policy governance roles and objectives.
Call #3 - Assess the high-level risks to be addressed by policy.
Guided Implementation #2 - Draft & Implement
Call #1 - Identify stakeholders and plan to gather their input.
Call #2 - Discuss critical components of policies.
Call #3 - Plan sign-off and publication of finished policies.
Guided Implementation #3 - Monitor, Enforce, Revise
Call #1 - Discuss policies in the context of company culture.
Call #2 - Review key performance indicators.
Call #3 - Perform root-cause analysis on non-compliance.

Info-Tech Academy
Get Info-Tech Certified
Train your staff and develop a world-class IT team.
An active membership is required to access Info-Tech AcademyNew to Info-Tech Academy? Learn more here
IT Management & Policies
Find the right balance between risk mitigation and operational efficiency.
This course makes up part of the Strategy & Governance Certificate.
Course information:
- Title: IT Management & Policies
- Number of Course Modules: 5
- Estimated Time to Complete: 2-2.5 hours
- Featured Analysts:
- David Yackness, Sr. Research Director, CIO Practice
- James Alexander, SVP of Research and Advisory, CIO Practice
- Now Playing: Academy: IT Management & Policies | Executive Brief
Book Your Workshop
Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Establish & Assess
The Purpose
- Identify the pain points associated with IT policies.
- Establish the policy development process.
- Begin formulating a plan to re-design the policy network.
Key Benefits Achieved
- Establish the policy process.
- Highlight key issues and pain points regarding policy.
- Assign roles and responsibilities.
Activities
Outputs
Introduce workshop.
Identify the current pain points with policy management.
- List of issues and pain points for policy management
Establish high-level goals around policy management.
- Set of six to ten goals for policy management
Select metrics to measure achievement of goals.
- Baseline and target measured value
Create an IT policy working group (ITPWG).
- Amended steering committee or ITPWG charter
Define the scope and purpose of the ITPWG.
- Completed RACI chart
- Documented policy development process
Module 2: Assess Your Risk Landscape & Map Policies to Risks; Create a Policy Action Plan
The Purpose
- Identify key risks.
- Develop an understanding of which risks are most critical.
- Design a policy network that best mitigates those risks.
Key Benefits Achieved
- Use a risk-driven approach to decide which policies need to be written or updated first.
Activities
Outputs
Identify risks at a high level.
- Ranked list of IT’s risk scenarios
Assess each identified risk scenario on impact and likelihood.
- Prioritized list of IT risks (simplified risk register)
Map current and required policies to risks.
Assess policy effectiveness.
Create a policy action plan.
- Policy action plan
Select policies to be developed during workshop.
Module 3: Develop Policies
The Purpose
Outline what key features make a policy effective and write policies that mitigate the most critical IT risks.
Key Benefits Achieved
Write policies that work and get them approved.
Activities
Outputs
Define the policy audience, constraints, and in-scope and out-of-scope requirements for a policy.
Draft two to four policies
- Drafted policies
Module 4: Create a Policy Communication and Implementation Plan and Monitor & Reassess the Portfolio
The Purpose
Build an understanding of how well the organization’s value creation activities are being supported.
Key Benefits Achieved
Identify an area or capability that requires improvement.
Activities
Outputs
Review draft policies and update if necessary.
- Final draft policies
Create a policy communication plan.
- Policy communications plan
Select KPIs.
- KPI tracking log
Review root-cause analysis techniques.
After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.
Client
Experience
Impact
$ Saved
Days Saved
Dodge County
Guided Implementation
9/10
$10,000
9
Great Lake Cheese
Guided Implementation
10/10
N/A
N/A
Cross Country Mortgage, Inc.
Guided Implementation
10/10
N/A
N/A
Asahi Intecc USA
Guided Implementation
10/10
$50,000
50
City Of South Fulton
Guided Implementation
7/10
N/A
N/A
Georgia State Accounting Office
Guided Implementation
9/10
N/A
5
Sirtex
Guided Implementation
10/10
$63,667
50
Highland Shores Children's Aid Society
Guided Implementation
8/10
$10,000
16
Financial Services Regulator Authority of Ontario
Guided Implementation
10/10
N/A
N/A
Jamaica Civil Aviation Authority
Guided Implementation
8/10
N/A
N/A
Academic Partnerships
Guided Implementation
8/10
$31,833
90
Centre for Ecology & Hydrology
Guided Implementation
10/10
$3,480
5
Town of Richmond Hill
Guided Implementation
8/10
$3,000
10
Gateway Technical College
Guided Implementation
8/10
N/A
5
Hoffman Southwest
Guided Implementation
10/10
$31,833
10
Effort Trust
Guided Implementation
9/10
$10,000
10
Gateway Technical College
Guided Implementation
9/10
$12,733
N/A
Unisys Corporation
Guided Implementation
7/10
$31,833
50
Belize Telemedia Limited
Guided Implementation
9/10
$31,833
10
INPO
Guided Implementation
10/10
N/A
N/A
Moneris Solutions
Guided Implementation
10/10
N/A
N/A
Highlands County Clerk of Courts
Guided Implementation
10/10
N/A
N/A
Graham Healthcare Group
Guided Implementation
10/10
$5,093
10
Eastern Michigan University
Guided Implementation
10/10
N/A
8
AgeTech
Guided Implementation
10/10
N/A
10
Effort Trust
Guided Implementation
10/10
$10,000
10
McKeil Marine Limited
Guided Implementation
9/10
$6,000
10
SmartCentres Management Services Inc
Guided Implementation
8/10
$5,000
30
Boyd Gaming
Guided Implementation
8/10
$2,546
15
SmartCentres Management Services Inc
Guided Implementation
10/10
$5,000
15