Review Your Policies – QSP: Defining the Policy Review Process

By Dr. Barbara Rembiesa

Your organization probably has more policies in place than one could count. These policies can range from organizational activities and procedures to behavioral requirements while at work. These policies are important to daily function, but sometimes overlap occurs between two policies. They essentially say the same thing in two different ways because they were instituted at two different times and possibly by two different groups. These are the sort of policies that need to be removed during review.

The Quick Success Project (QSP) I am going to discuss today is found within the Policy Review Process which is a culmination of the Creation and Reconciliation processes. This will help ensure that policies that are created addressing ITAM issues are pertinent to the organization and that all policies serve a unique purpose. This will save money for the organization, streamline the education process for policies, and achieve a greater understanding of what is expected from each end user.

To establish a baseline of understanding regarding policies, I found it important to mention the following: A critical success factor for any IT asset management program is administration of your policies. Policies need to be clearly defined, understandable, and equally enforced across the enterprise. As a best practice, IAITAM has identified more than thirty policy areas in the IBPL that relate directly to IT asset management and must be defined for any organization. Once defined, the policies must be accessible and presented in a way that employees can readily understand what is required and why it is beneficial for the organization. That being said, we can move forward to the QSP for this month, the Policy Review Process.

QSP – Defining the Policy Review Process

The first question is who sits on the committee for ITAM policies when they come up for review. IAITAM’s recommendation for policy review is to have a cross functional, trained team that looks at current policies for effectiveness, enforcement, and ensures they cover the organizational needs. Don’t forget that a representative of those most heavily impacted by the policy should be represented in that team. Remember that policies are living documents, and without set reviews, they can become outdated, unenforceable, and obsolete.

Impact, benefits, and outcomes of this project to the ITAM Program and the organization

Eliminates outdated, unenforceable, and obsolete Policies warranting each policy aids in risk mitigation, provides operational direction, and helps to effectively manage actions

Every policy that is instituted into the organization has a particular time period before it needs to be reviewed. The reviewing of the policies within the organization is essential to keeping policies relevant to the organizational needs as well as identifying areas within an existing policy that need to be updated. By reviewing the policies, risk is mitigated for the organization, the direction in which the policy is taking the organization is assessed and altered if necessary, and the actions that the policy dictates are examined to ensure that they help reach the desired business objectives for the organization.

Ensures current policies have tangible value for the organization aligning policies with organizational mission, goals, and needs

If a policy does not provide measureable and tangible value to the organization, then there is no valid reason for the policy. The easiest way to measure the effect a policy has on the organization is to generate policies with organizational goals taken into account. Generating policies in this manner will create a finite meter that can be used to measure the effectiveness of the policy to the organization. This policy alignment not only helps provide a measuring tool for the policies, but it is also considered a Best Practice method for policy generation.

Ensures compliance for the organization guarantees effectiveness and enforceability

One of the primary goals of policy generation is to maintain compliance within the organization from every front. By generating necessary policies with the intent of compliance maintenance, the organization is able to add to the actions that the policy governs to help ensure the effectiveness and enforceability of the policy. This is a critical component for compliance for the organization. Compliance audits can be a challenging task for any organization, but with the right policies in place and uniform adherence to those policies, the organization can be better prepared.

These are the primary items you need to consider when it comes to ITAM policy reviews. Many organizations have policies for just about every aspect of their operations, but when it comes to IT asset management, they are severely lacking. IAITAM’s best practice advice is that a program so key to areas of risk, savings and efficiencies to the organization should be built on a platform of policies that adhere to and enhance the goals of the organization.

About the Author

Before founding IAITAM, Barbara held key positions in both the financial and consulting sectors. Barbara has implemented and supervised asset tracking projects, discovery tool implementations and has been brought in as an industry expert to consult major savings and loans, universities, manufacturers and high tech industries throughout the United States. Barbara has also, successfully represented corporations in negotiations with compliance agencies for software violations. Barbara has implemented and designed disaster recovery programs for professional software testing and storage facilities including, but not limited to, off-site storage facilities, and has helped over 200 companies before forming IAITAM and successfully implemented improved software and hardware acquisition programs. As President and Co-founder of IAITAM, Barbara brings over a quarter century of industry knowledge and experience to the management of IAITAM, and provides key guidance and the entrepreneurial spirit to its staff and members.