General discussion

Locked

Who should write Policies and Procedures?

By Net Designer ·
Who do you think should write Network and Computer use Policies and Procedures: network administrator, overloaded with daily routine tasks and various IT projects, or IT Manager?

This conversation is currently closed to new comments.

92 total posts (Page 3 of 10)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

should be team in IT

by jclambert In reply to Team work

I have worked in IT for several companies with unique technology needs. Without input from HR and the Business side, I would have overlooked and/or 'locked-down' things too tightly in some areas. In a sense crippling the company. I agree that a commitee approach works best. m I just like having the final say though ;-)

Collapse -

On The Right Track

by znovaky In reply to should be team in IT

It was rather amusing reading the trail of responses, especially from the "stress" zealot! I believe your on the right track, and it does not take 20+ years of IT to deduce this. Depending on the branch of IT you operate in - Service, Operations, Consulting, etc.; you will run across divergent needs and requirements that will play a role in the formulation of P&P. I happen to work in the service sector - 24x7 entertainment (Casino). We happen to be one of the most progressive branches, as new technologies run rampant in the mushrooming industry. Keeping track of the new technology requires effective P&P. I have to second the responses of those that wrote that understanding the business and operations is key, and soliciting the assistance of HR is crucial. IT can no longer work in a vacuum, entrusting the Admnins to come up with policy. Not only is this endeavor an IT Team Endeavor - Net Ops, Admins, Analysts, IT Management; but also those newly found IT positions such as - Business Systems Analyst, Project Managers (PMI), etc. Hope this helps.

Collapse -

Include Legal

by ibillybibilly In reply to should be team in IT

Working for a large, religious non-profit, our team included the legal department. Their perspective in protecting the organization from liability played heavily into the design of our policy manual. They also had the wisdom to make the policy broad in order to make it's implementation flexible.

The downside of the broad approach is that I (lone IT Mgr. supporting 125 users) now find people violating the policy because they don't see how it applies to real life. Consequently, I am crafting a document called "Policies in Practice" with the help of my Director and his boss, the COO. This doc can be flexible and can grow and change as the environment changes, which is quite frequently.

In any case, it's essential to get buy-in from the top stakeholders. Otherwise, the policy will carry no authority.

Collapse -

Policies vs. procedures

by IT Security Guy In reply to I completely disagree

If you are talking about IT security policies, then the IT security group usually is the group to create the policy and allow the network and sysadmin group/management to review and make comments and corrections. The actual procedures I think should be written by the group who is in charge of that particluar are (e.g. network logon procedures or account creation procedures). I have written security policies, but procedures were written by others.

Collapse -

LOL....I had to read it twice but I agree

by dafe2 In reply to No one answer

Your right, managements role is the approval or re-write.

Management & the executive will be the one's responsible for policing, enforcing & educating on both.

Collapse -

Strictly a management function

by stress junkie In reply to Who should write Policies ...

Management makes the policy. The tech support personnel implement the policy. It's a simple question of definition of job title. If you look at the question from the perspective of another business department the answer becomes clear. Take the example of the business shipping department. Should the manager or the truck drivers make corporate policy? It's clear that truck drivers do not have the authority to make corporate policy. The same thing applies to IT. Managers make policy. Period.

Collapse -

A good manager

by awfernald In reply to Strictly a management fun ...

will utilize all the expertise (including the grunts) available to craft intelligent policy. It doesn't make sense to dictate policy that will be ignored or that can't be followed for some reason.

The grunts should reply to the policy with the procedures they use to actually implement the policy. If you do this correctly, you won't actually be implementing new policies or procedures, simply documenting the existing ones (unless there is a need to change them).

Collapse -

Yup, but.....

by LiamE In reply to Strictly a management fun ...

Yup... and if that policy that the manager makes involves a subordinate writing up policies then they do it. Period.

Just because management set policy doent mean they have to be involved in drafting it. Policies dont get written in a few minutes by one person in my experience. A typical process would be something like - subordinate drafts and then discusses with manager. Revisions made by subordinate. Manager then takes the document to the other parties (eg HR, VP/CIO etc), revise again as necessary and then finalise. Document signed off by the big cheese.

The wording of the question strongly suggests the question setter has an issue with their boss and their (perceived and/or real) workloads. It sounds like they feel put upon and this question is a symptomatic not the real heart of the issue for them.

Collapse -

He said - "just get me a policy"

by Net Designer In reply to Yup, but.....

No guidelines were given and only one week to think about it. Being overworked, like everyone else in IT, I'd suppose, it's impossible to sit down and concentrate on writing even a draft without knowing what he wants. Some responses here are right regarding pure techies - I'd restrict so many things irresponsible users do, that this policy wouldn't go nowhere besides the trash can and my time is too precious to spend this way.

Collapse -

Look at the silver lining

by NotSoChiGuy In reply to He said - "just get me a ...

Yes, the way it was dumped on you sucks. Yes, ideally, you would have more than just one person's input. Yes, policies really should be management driven. However, I would urge you to look at the positives:

You've been given an opportunity to outline the way you think things should be. Start thinking about some things that detract from your work (personal PC work requests, non-standardized equipment,virus cleanups, etc), and find a fair way to work them into the policy. Just be sure to only include items that you could reasonably defend, if called on it.

Even if you supervisor doesn't show it/say it, the fact he dumped this on you shows he has, even unconsciously, the faith that you can get this done (I am open to the possibility he is just oblivious to the importance of this, though).

If you have company policies on other facets of the business, I'd encourage you to take a look at them. In the policy you create, try to emulate the tone and nature (general terms vs. specific, normal language vs. legalese, etc) of those policies. Company policies tend to reflect the company culture, so you'll want to make sure your's fits in accordance to what is already out there for your outfit.

Also, if you are having trouble, there are a lot of templates available out on the web you could peruse (although I haven't looked for any in particular, I'd wager there are some on TR). Looking at these may help you keep from adding too much to your policy.

If you really want to get perspective on this, get up from the desk, go walk around the office, and pay attention to all the non-essential, non-standard stuff going on and think about what you can do about it.....

Are you back? Feel better?

Back to IT Employment Forum
92 total posts (Page 3 of 10)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums