Delivering IT Value is a tough task. Delivering IT Value when there are no rules to follow in an organization is tougher. Delivering IT Value when there are rules to follow but they’re not written down or well understood? That is a failure waiting to happen.

IT departments are notorious for having differing standards of treatment depending on who the client is, when they request services, and who delivers the services. Each of these elements is important, but the foundation that underpins each one—and the foundation to delivering IT Value—is having a strong suite of IT policies.

What is a Policy?

The Oxford Dictionary defines policy as, “A course or principle of action adopted or proposed by a government, party, business, or individual.”

For our purposes, we can tailor that a bit more, to define a policy as “a broad set of principles and guidelines that are created and enforced by a governing body of an organization, to direct and limit certain actions in pursuit of long-term goals.”

This means that policies provide a foundation in a business environment to create more predictable outcomes for an organization. In IT, these are especially important because they set boundaries and guidelines for technical teams that manage and direct resources. This is important to understand because most technical folks are ruled and governed by logic and reason, but often blurred by technical excitement.

Why Policy is Important

It’s an occupational hazard—even though technical staff are trained to solve problems using logic and reason, they often don’t have all the facts when making decisions. They are told to implement the best solution for a problem, but they don’t take into account the boundaries, limitations, and external dependencies that no doubt exist.

Creating broad IT policies that set boundaries for both the technical team and the end users will help provide the right solution for your organization. In turn, this will allow you to create better outcomes. Better outcomes mean an increase in IT Value, especially when applied across the various IT practices (IT Asset Management, IT Service Management, IT Financial Management, and Procurement).

Policy Pitfalls

Despite the value of policies, there are a few pitfalls that organizations fall into when formulating them:

  • They are inaccessible to employees and contractors;
  • They are too granular;
  • They are department specific rather than organizational;
  • They are not measurable;
  • They are not enforceable (or perhaps aren’t enforced on purpose); and/or
  • The workforce doesn’t read them.

Each of these pitfalls could (and perhaps in the future will) have their own blog post, but in the meantime, below are the essentials to consider for your organization.

IT Policy Cheat Sheet

The following list of IT policies would be advantageous for most organizations to formulate, adopt, and socialize within their organization.

  • Acceptable Use Policy
  • End User Downloads Policy
  • Central Purchasing Policy
  • Software Deployment Policy
  • Hardware Policy
  • Loss and Theft Policy

Do you need a primer to help you create one of these policies in your organization? Ask us. We have countless examples and experiences to draw from that can help you implement these faster and more effectively.

Policy Advice

If you do set out to create one or more policies, there are a few additional things to keep in mind.

Look for opportunities to use technology as an enforcement mechanism. This will provide consistency, and make things easier for your team to implement.

Policy formulation is an iterative process. Don’t expect to get it right on the first draft. Consult with key people who will be affected by the policy, and incorporate their suggestions where you can. This will bring more success than introducing something unilaterally.

Approval and endorsement is crucial to avoid debating the authority of the policy. Leverage the governance process in your organization, and take the policy all the way to the CEO for signature. That will help everyone understand the weight the policies carry.

Do you have advice about implementing IT policies? We’d love to hear them.