Learn how to win support for your new IT policy

Nothing creates resistance faster in an organzation than when new rules are introduced. If you want your policies to be accepted, you can't merely create them and have them be effective. You must win support for them. In this article, Tom Mochal shows you how.

Have you ever had to create an IT policy to formalize the way that some process is executed or the way people perform certain functions? If you have you know that it may or may not be easy. Actually effort required to implement IT policies can vary dramatically in different organizations depending on your governance culture. (Governance refers to your ability to enforce organization priorities through the management hierarchy.)

If you are in an organization with strong governance you can get a policy adhered to strictly through the governance process. You create the policy, get it approved through the appropriate channels, and then issue it for everyone to follow. In this case the concept of winning support for the policy applies to the approval process. Once the policy is approved, the management structure enforces it. This way of winning support is perhaps applicable in the military and other organizations with a strong governance culture.

However, let's say that you work in an organization where it is not quite so easy. You have to work a little more to gain acceptance of your policy. If this applies to you, the following steps will help win support for your policy.

1. Make sure you own the business or IT process.

You can't create policies in areas that you don't own. This means that you can create a database policy if you are the database group. You can create a telecommunication policy if you are in the telecommunications group. However, you can't create the new helpdesk policy if you are in the IT development area. Of course, the policy may be issued by another senior manager. I have seen the CIO issue a policy on cell phone usage. However, the CIO certainly did not create the policy. The telecommunications people did.

2. Communicate the purpose of the standard policy.

People must understand why you are creating the policy. There has to be a clear purpose. Not everything needs a common policy. For instance, having a policy that results in email getting scanned for viruses and spam is important. Determining how often a manager must talk to each staff member probably cannot be dictated in a policy.

3. Make sure the policy drives business value.

Policies provide guidance on how things should be done, so they save the time and effort that would be required if everyone had to figure it out on their own. You need to make sure your organization derives overall value from your policy. A policy that results in more effort and cost without corresponding business value doesn't make sense. You might as well leave people on their own if that drive more organizational value.  

4. Get input from affected groups.

It's a good idea to gather input from the people that the policy will impact. This helps make sure that the policy is workable and also helps solicit their buy-in for when the policy is issued.

5. Validate the policy make sense.

This sounds obvious, but sometimes misguided policies are written that never have a chance to be adopted or supported because they don't make sense. People will generally be more apt to follow a policy that seems to make sense, even if they don't agree with it entirely. One way to ensure the policy makes sense is to circulate it to a broader group of people outside your functional area.

6. Make sure the policy is clear.

You don't want to issue a policy and have people say they do not understand it. In fact, it would be good if your organization has a common format for describing your policies. The policy must be very clear on when it is applicable, who it applies to, how you work under the policy, etc. You may need to provide some examples. If there are general exceptions, make sure you state what those are. Just as with the point above, you probably want to circulate the policy to others outside your functional area to make sure it is understandable.

7. Try to have an enforcement mechanism.

You can issue a policy that is perfectly clear and that has everyone's buy-in. However, you will be much more successful if you have an enforcement capability. For example, you may be able to enforce a policy on scanning for email viruses since you probably own the email servers. However, if you issue a policy on email etiquette, you will probably be less successful because you don't have the enforcement capability.

That's just the start

Those are some of the basics. Depending how political your policy is, you may have a multifaceted campaign to communicate the policy and gain the support of the effected staff. However, for most policies, you just need the basics – be the owner,  have a purpose, drive business value, have a reasonable policy, be clear, gather initial feedback and have an enforcement mechanism if possible. If you will follow th4se simple, but critical steps, you will have a much better chance of building support for your policy with the people that are affected.