General discussion

Locked

Who should write Policies and Procedures?

By Net Designer ·
Who do you think should write Network and Computer use Policies and Procedures: network administrator, overloaded with daily routine tasks and various IT projects, or IT Manager?

This conversation is currently closed to new comments.

92 total posts (Page 5 of 10)   Prev   03 | 04 | 05 | 06 | 07   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

To a point

by JamesRL In reply to

The IT department provides services on behalf of the company. The IT department has a responsibility to ensure that the company's resources are wisely used, and the HR policies (no porn) can be enforced.

The IT department often is charged with giving information to the user's supervisor or to HR. What they chose to do with the information is not up to IT.

James

Collapse -

Agreed and I'll go one further...

by TomSal In reply to To a point

The IT department, I contend, does have something to do with policy concerning the companies technology as one of the large reasons a company pays for IS staff is to not only configure and maintain the technology but to prevent it from failing and securing it against threats.

Example of what I mean...Regardless if a manager, **** if an executive gives authority for someone to go to whatever site or do whatever online -- if there is reason for the IS department to suspect the system will be comprised either by being hijacked or virus infection -- IS over-rides the authority of even the executive.

That's one thing about here, you guys heard me sound off a lot, but at least that is one thing my place understands. I've even stopped the owner of the place from going to a site because of the threat it poses to our network.

He didn't get upset (well a little at first) after I explained and told him why my concern. Then he was fine by it because he at least knows enough that that's one of the reason he pays me.

So yeah...in 9 out of 10 cases IS has no say, but in that 10th case where there is a threat involved..IS has every right to over-ride even the higher ups.

Just make sure you give as much factual information as possible to explain your reasoning and communicate it without emotion.

Collapse -

Management Responsibility

by Deadly Ernest In reply to Who should write Policies ...

Policy writting is a management responsibility and the current management best practices and theory is that the manager for the area that has responsibility for that material is the one to write the policies for that area / subject. Thus the IT manager is responsible for writing the IT policies; a good manager will then give them to their line managers/supervisors for comment and feedback as they may note operational aspects that the manager missed.

I have both management and IT qualifications and have worked in both general management and then IT.

NB: I am on a 24 kbps line and did not read all the responses already given, so if I am repeating another response - sorry.

Collapse -

Leaders write policy and managers enforce them

by Hockeyist In reply to Who should write Policies ...

In my experience it's the leaders who write policy & procedures and it's managers who approve and enforce them.
Are you a leader?

Collapse -

Collaboration is necessary

by no1trini In reply to Who should write Policies ...

Both should have a big part to play in the development of policies. While the IT manager should be more familiar with the business goals and vision, they would not be as familiar as the support tech or the network administrator when it comes to common user issues. So, on the advice of the network administrator or systems administrator, the IT manager could develop policies.

Collapse -

by TonytheTiger In reply to Collaboration is necessar ...

I think it's important to establish a clear line between policy and procedure. I think most "common user issues" would fall under the latter.

Collapse -

Too right

by Tony Hopkinson In reply to

Procedures enact policy. They should always be written for the people who have to do them, therefore it's a lot more practical for the people who have to use them to write them. You get buy in and ownership that way, not to mention no excuses about unworkable ones.
Unworkable policy is a different matter entirely.

Collapse -

The question is flawed. It should be the Tech Writer and...

by wordworker In reply to Who should write Policies ...

...a committee with at least one representative from Network Admin, Data Network Services, Development, Help Desk, Infrastructure, Telecommunications, IS Security, Database Administrators, and any other group on your IS org chart.

Once the "ground level" soldiers on the Security Policy Committee agree on what policies should be written in the first place, and on how each policy should be worded, then those documents should be presented to IS Senior Management.

Once IS Senior Management approves the policies, they must be communicated OUT to the lines of business, or they're not worth the paper they're printed on.

Well written policies, with revision tables showing when they were drafted and each time they were reviewed and revised, will come in very handy for companies facing SOX or HIPAA compliance audits. Auditors will ask: What's your policy? How are you enforcing it? Where's the proof that you're enforcing it?

Collapse -

In an ideal world

by JamesRL In reply to The question is flawed. ...

You would have all of that and more (HR should be involved in policies, because they deal with the consequences).

But not every organization has all these types of people. I worked in a large corporation with an IT department of 5000, and there were no Technical writers.

There should be feedback from stakeholders, including internal user groups if they exist.

As far as communicating, at a previous employer we had a good policy. You had to sign a document acknowledging the policies and the consequences(up to and including termination) before you had a network ID and password given to you.

James

Collapse -

It's a one-man shop...

by Net Designer In reply to The question is flawed. ...

than what do you do?

Back to IT Employment Forum
92 total posts (Page 5 of 10)   Prev   03 | 04 | 05 | 06 | 07   Next

Related Discussions

Related Forums