Policy Creation: Understanding the Why


Policies have a widespread impact on an organization, documenting the rules for employees and reflecting the culture of the organization. Functional areas have a responsibility to incorporate policy language into execution of the responsibilities within their departments. Management in each of these areas is also responsible for identifying inaccurate or missing policy languages. Depending on the organization, management may develop policy language and deliver it to those responsible for policy in HR and Legal for acceptance and publication. This process can take quite some time to complete.

With the broad scope of responsibilities that are part of IT Asset Management, IT Asset Managers rely on policies to create a common set of behaviors across the organization. IT Asset Managers use policies to control behavior, provide guidance as the organization changes and as a means of building cooperation or compliance. Grabbing the attention of employees can be difficult and lead to varying degrees of awareness and cooperation. In addition to that problem, organizational policies are often missing language important to ITAM that has to be created and adopted before the ITAM program can achieve goals to the fullest extent possible.

As a first step to implementing policy education and developing new policies, examine why policies are needed and the goals behind policy creation.
Why do we need a specific policy?

IT Asset Managers must identify why they need a policy within an organization and what the intended purpose is for that policy. Some of the most common needs for a policy are:

  • Internal control
  • Risk mitigation
  • “Find a need, Fill a need”

To prevent a chaotic and costly IT environment, controls need to be put in place. IT Asset Managers need to develop the controls surrounding IT assets and influence the behavior of employees across the organization. Without this control, organizations lose cost avoidance and savings opportunities because of the decisions made without the full scope of the organization in mind and without a global understanding of the impact an asset choice has on the organization. Policies properly implemented and enforced within an organization give IT Asset Managers the global influence that they need to generate those savings and other benefits from IT Asset Management.

Mitigating risks is another role for policies and policies that support the legal use of IT assets are essential to the organization. This language helps prevent costly audit and review situations when the software inventory is out of compliance. Also, by maintaining hardware and software inventories, the organization has the foundation for successful governance on a broad spectrum of legal responsibilities such as accountability, data privacy and reporting required in a specific industry.

Policy development is never done. New policies come out of necessity and IT Asset Managers may encounter situations where a policy is needed to improve the control over the outcome. Examples of these situations include specific procedures such as disposal location security, acquisition or IMAC (Install, Move, Add, Change). Organizational change and technology shifts can also create these situations. Current examples include the mobile industry (such as BYOD) and cloud computing (such as Software as a Service).

Policies are only effective if the language is clear and current and rules enforced. Keep that in mind when tempted to clutter policies with procedural details that belong in an unenforced document since procedures are frequently multi-threaded. Overall success with policies comes from knowing what needs to be accomplished and why. Quality over quantity in this situation cannot be overstated.

About the Author

The International Association of IT Asset Managers (IAITAM) is the largest organization providing education, certification and thought leadership to the management of IT as a business. IT Asset Management is the management of hardware, software, mobile and other technology to maximize the value to the organization.