IT Managers with laptops working through their organisations security governance approach IT Managers with laptops working through their organisations security governance approach IT Managers with laptops working through their organisations security governance approach

Policy Tips

Here are some tips to ensure your policies are written in a way that avoids including process information and maintains clarity and effectiveness:

Define scope and intent: Start each policy with a clear statement of its scope and intent, essentially what the policy aims to achieve without diving into specific actions or steps.

Think about principles and guidelines: Policies should articulate principles, values, and high-level guidelines rather than specific procedures, a policy should answer the questions of "what" and "why" rather than "how."

No detailed instructions: Don’t include any step-by-step instructions or specific methods in a policy, that type of detail belongs in a procedure.

Language: Use language that is broad and flexible, allowing for interpretation and adaptation to different contexts within the organisation.

Involve stakeholders: Involving stakeholders such as policy owners, subject matter experts, and affected parties, in the policy development process will ensure that you draft a comprehensive and accurate representation of the intended scope.

Provide Training and Guidance: Offer training and guidance to employees so they develop a clear understanding of policies versus processes and procedures. Clarify roles and responsibilities in interpreting and implementing policy directives.

The table below illustrates the differences between a backup policy document and a backup process document.

In summary, the backup process document focuses on operational details and technical procedures, while the backup policy document emphasises strategic principles, guidelines, and compliance requirements.

The process document is targeted at IT operations and technical staff, whereas the policy document applies broadly to all employees and stakeholders.

The process document has detailed, step-by-step instructions, whereas the policy document provides high-level statements and guidelines.

Lastly the process document guides implementation and daily operations, while the policy document sets the framework and standards for backup management across the organisation.

Contact Us Today

Fill in the form below or call us on +61 3 9913 3248 (VIC), +61 7 3194 3664 (QLD) or +61 2 9098 8206 (NSW)