Get Instant Access
to This Blueprint

Cio icon

Review and Improve Your IT Policy Library

Create policies for the risks that matter most to your organization.

  • Your policies are out of date, disorganized, and complicated. They don’t reflect current regulations and don’t actually mitigate your organization’s current IT risks.
  • Your policies are difficult to understand, aren’t easy to find, or aren’t well monitored and enforced for compliance. As a result, your employees don’t care about your policies.
  • Policy issues are taking up too much of your time and distracting you from the real issues you need to address.

Our Advice

Critical Insight

A dynamic and streamlined policy approach will:

  1. Right-size policies to address the most critical IT risks.
  2. Clearly lay out a step-by-step process to complete daily tasks in compliance.
  3. Obtain policy adherence without having to be “the police.”

To accomplish this, the policy writer must engage their audience early to gather input on IT policies, increase policy awareness, and gain buy-in early in the process.

Impact and Result

  • Develop more effective IT policies. Clearly express your policy goals and objectives, standardize the approach to employee problem solving, and write policies your employees will actually read.
  • Improve risk coverage. Ensure full coverage on the risk landscape, including legal regulations, and establish a method for reporting, documenting, and communicating risks.
  • Improve employee compliance. Empathize with your employees and use policy to educate, train, and enable them instead of restricting them.

Review and Improve Your IT Policy Library Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out how to write better policies that mitigate the risks you care about and get the business to follow them, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Assess

Assess your risk landscape and design a plan to update your policy network based on your most critical risks.

2. Draft and implement

Use input from key stakeholders to write clear, consistent, and concise policies that people will actually read and understand. Then publish them and start generating policy awareness.

3. Monitor, enforce, revise

Use your policies to create a compliance culture in your organization, set KPIs, and track policy effectiveness.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

8.5/10


Overall Impact

$45,815


Average $ Saved

19


Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Town of Andover, MA

Guided Implementation

7/10

N/A

N/A

Not a lot of concrete directions for me to pursue either in organizing a policy database nor in selecting policy management technology solutions

Eswatini Railway

Guided Implementation

10/10

$9,847

32

The Infotech SME was able to explain and give guidance on the best approach to review and Improve our IT Policies.. This saved us money and time ... Read More

City of Alexandria, VA

Guided Implementation

9/10

$125K

20

Nelson

Guided Implementation

8/10

$1,600

4

Insights and reminders into what would drive the need or desire to put policies in place (managing risk).

Carver County, MN

Guided Implementation

10/10

N/A

5

NorthCentral Missouri College

Guided Implementation

10/10

$2,000

20

This material and guidance were just what I needed to help me start fulfilling a core need communicated to me by my institution's President. Having... Read More

Mercury Insurance Service

Guided Implementation

9/10

$58,899

10

Dodge County

Guided Implementation

9/10

$10,000

9

Great Lakes Cheese

Guided Implementation

10/10

N/A

N/A

Extremely helpful to hear from a professional in regards to policy and framework development/implementation. There were things just from the initi... Read More

Cross Country Mortgage, Inc.

Guided Implementation

10/10

N/A

N/A

Asahi Intecc USA

Guided Implementation

10/10

$50,000

50

City Of South Fulton

Guided Implementation

7/10

N/A

N/A

Georgia State Accounting Office

Guided Implementation

9/10

N/A

5

Strong knowledge of topic. Spoke a little fast at times.

Sirtex Medical US Holdings, Inc.

Guided Implementation

10/10

$64,999

50

Best: - the epiphany moment, during the first call with Larry Fretz when he said "Remember the purpose of a policy is to reduce risk". It might so... Read More

Highland Shores Children's Aid Society

Guided Implementation

8/10

$10,000

16

Very friendly and helpful consultants, great templates and documents/resources. The worst part is there is so many good topics and resources to lea... Read More

Financial Services Regulator Authority of Ontario

Guided Implementation

10/10

N/A

N/A


IT Management & Policies

Find the right balance between risk mitigation and operational efficiency.
This course makes up part of the Strategy & Governance Certificate.

Now Playing:
Academy: IT Management & Policies | Executive Brief

An active membership is required to access Info-Tech Academy
  • Course Modules: 5
  • Estimated Completion Time: 2-2.5 hours
  • Featured Analysts:
  • David Yackness, Sr. Research Director, CIO Practice
  • James Alexander, SVP of Research and Advisory, CIO Practice

Workshop: Review and Improve Your IT Policy Library

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Establish & Assess

The Purpose

  • Identify the pain points associated with IT policies.
  • Establish the policy development process.
  • Begin formulating a plan to re-design the policy network.

Key Benefits Achieved

  • Establish the policy process.
  • Highlight key issues and pain points regarding policy.
  • Assign roles and responsibilities.

Activities

Outputs

1.1

Introduce workshop.

1.2

Identify the current pain points with policy management.

  • List of issues and pain points for policy management
1.3

Establish high-level goals around policy management.

  • Set of six to ten goals for policy management
1.4

Select metrics to measure achievement of goals.

  • Baseline and target measured value
1.5

Create an IT policy working group (ITPWG).

  • Amended steering committee or ITPWG charter
1.6

Define the scope and purpose of the ITPWG.

  • Completed RACI chart
  • Documented policy development process

Module 2: Assess Your Risk Landscape & Map Policies to Risks; Create a Policy Action Plan

The Purpose

  • Identify key risks.
  • Develop an understanding of which risks are most critical.
  • Design a policy network that best mitigates those risks.

Key Benefits Achieved

  • Use a risk-driven approach to decide which policies need to be written or updated first.

Activities

Outputs

2.1

Identify risks at a high level.

  • Ranked list of IT’s risk scenarios
2.2

Assess each identified risk scenario on impact and likelihood.

  • Prioritized list of IT risks (simplified risk register)
2.3

Map current and required policies to risks.

2.4

Assess policy effectiveness.

2.5

Create a policy action plan.

  • Policy action plan
2.6

Select policies to be developed during workshop.

Module 3: Develop Policies

The Purpose

Outline what key features make a policy effective and write policies that mitigate the most critical IT risks.

Key Benefits Achieved

Write policies that work and get them approved.

Activities

Outputs

3.1

Define the policy audience, constraints, and in-scope and out-of-scope requirements for a policy.

3.2

Draft two to four policies

  • Drafted policies

Module 4: Create a Policy Communication and Implementation Plan and Monitor & Reassess the Portfolio

The Purpose

Build an understanding of how well the organization’s value creation activities are being supported.

Key Benefits Achieved

Identify an area or capability that requires improvement.

Activities

Outputs

4.1

Review draft policies and update if necessary.

  • Final draft policies
4.2

Create a policy communication plan.

  • Policy communications plan
4.3

Select KPIs.

  • KPI tracking log
4.4

Review root-cause analysis techniques.

Review and Improve Your IT Policy Library preview picture

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

MEMBER RATING

8.5/10
Overall Impact

$45,815
Average $ Saved

19
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 9 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Assess
  • Call 1: Scope your policy development plan.
  • Call 2: Discuss policy governance roles and objectives.
  • Call 3: Assess the high-level risks to be addressed by policy.

Guided Implementation 2: Draft & Implement
  • Call 1: Identify stakeholders and plan to gather their input.
  • Call 2: Discuss critical components of policies.
  • Call 3: Plan sign-off and publication of finished policies.

Guided Implementation 3: Monitor, Enforce, Revise
  • Call 1: Discuss policies in the context of company culture.
  • Call 2: Review key performance indicators.
  • Call 3: Perform root-cause analysis on non-compliance.

Authors

David Glazer

David Yackness

Michael Blair

Contributors

  • Kevin Vigil, IT Director, Southwest Care Center
  • Kathleen Coyle, IT Policy and Process Maturity Manager, Moog Inc.
  • Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission
  • Edward Kizer, Policy and Procedure Officer, Shelby County Government, Tennessee
  • J.J. Campbell, CIO, Agriculture Financial Services Corporation
  • Philippe Delisle, CIO, Englobe
  • Alison Robinson, CIO, University of Maryland
  • Mike Hughes, Principal Director, Haines-Watts UK
  • Ilir Azizi, Manager, Ministry of the Attorney General, Ontario
  • One anonymous Senior IT Policy Analyst, Government Agency
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019