Reading the admonishments of the IT "establishment," one could be excused for thinking we were becoming politicians or diplomats. According to the pundits, each new technology and innovation requires a raft of overwrought "policy" documents. Whether it's social media, cloud computing, or boring old desktop usage, apparently the ultimate expression of IT value is producing a multichapter treatise of do's and don'ts that will likely be immediately filed in the bin by those who have actual work to do at your company.
The butt of most corporate jokes, our friends in HR, are another business unit historically mired in policy and in too many cases blind to its actual benefits to the company (or lack thereof). Think of the last time you received a series of email blasts addressed to every employee of your company, heralding the arrival of a new HR policy with the breathless zeal usually reserved for the latest teen celebrity. Was your reaction to drop everything you were doing, click the "refresh" button with bated breath until the newest HR policy appeared on the screen, and read every line with unreserved zeal?
If you are like most normal workers, you are overloaded with work, and if you expend more than eight seconds of consideration on a new HR policy, you are probably 100% more diligent than your peers. IT policies are greeted with similar distain and perhaps even less enthusiasm than HR policies simply because HR is the most visible entity in getting paychecks out the door. Rather than rushing to sign a raft of consultants to a six-figure engagement to develop the perfect IT policy, consider the following.
Treat your employees like adults until proven otherwise
Unless you have reason to suspect otherwise, you can safely treat your employees like adults. Certainly there is some percentage of them who will run an imaginary farm or mafia family during business hours, but more than likely that same demographic is sneaking a peek at their Blackberry or answering a business-related phone call in the off hours. Consider for a moment that these people are likely intelligent enough to realize that Mafia Wars is not work-related, so is a 50-page policy document from IT really going to change this behavior?
In most companies, people are regularly entrusted with million-dollar decisions and are usually able to manage these responsibilities quite capably without a policy document. Apply the same basic logic to your IT resources. Expect your people to make the right decisions without unwieldy lists of "don'ts." Just as when someone makes an inappropriate business decision or steals company resources and they are appropriately punished, educate and reprimand those who misuse IT resources without treating the rest of your staff like children.
Help staff use new tools appropriately
Rather than trying to craft a manifesto, work with interested parties to demonstrate new technologies or educate staff when a publicly available technology might be inappropriate for corporate use. Spend an afternoon with Marketing explaining the latest presence-based social media tools, and IT becomes a trusted advisor rather than the draconian "Facebook police."
Should you see a Web-based technology that poses a definite risk to information security, educate staff on the risk and provide an alternative. Perhaps you don't want employees putting sensitive internal information on a cloud-based storage site; if you can explain the risks in nontechnical terms and provide a reasonable alternative, most employees are willing to work with you and even offer suggestions on how IT might be able to meet a business need. If you block the latest service, you'll spend years playing cat and mouse as users thwart each new block you put in place.
Policies make you look silly
One of the most overlooked points is that overwrought policy documents make IT look silly. Most CIOs are clamoring for the illusive concept of "IT alignment," where IT is perceived as an integral part of the business rather than a cadre of internal order takers. The whole concept of extensive policy documents makes IT seem out of touch. If you can intelligently summarize the risks and associated benefits of new technologies to your executive peers, you can jointly develop a strategy for monitoring and mitigating the risks and promoting and leveraging the benefits. This can and should be a sidebar discussion to IT's other activities. When producing policies is the crowning achievement of an IT organization, it looks all the more compelling to outsource IT.
Patrick Gray works for a global Fortune 500 consulting and IT services company, and is the author of Breakthrough IT: Supercharging Organizational Value through Technology, as well as the companion e-book The Breakthrough CIO's Companion. Patrick has spent over a decade providing strategy consulting services to Fortune 500 and 1000 companies. Patrick can be reached at firstname.lastname@example.org and you can follow his blog at www.itbswatch.com. All opinions are Patrick's alone, and may not represent those of his employer.