Solved

Policy Management

Posted on 2011-03-09
2
380 Views
Last Modified: 2012-05-11
What is the problem with having departmental policies as opposed to corporate policies? I am on about any information management or information security policy - any IT related policy to be honest, but specifically stuff like information classification, data retention, records management, media sanitization etc etc. Where is the issue in each department having their own responsibilities to have such policy and procedures in place as opposed to corporate policies that mandate what each organisational department will do? I know it should be corporately dictated as opposed to departmentally but I am struggling to find some good justified reasons why – despite searching. Would prefer your comments as opposed to links.
0
Comment
Question by:pma111
2 Comments
 
LVL 27

Accepted Solution

by:
michko earned 250 total points
Comment Utility
Imho, one main reason for corporate policies over departmental policies.  Consistency - across the board.

Organizations run easier if rules and guidelines are similar across the various departments.  It eliminates (or reduces) confusion and misunderstandings.  It also allows for easier transfer/temp placement of personnel.

Granted, some departments will have special requirements that may be more stringent than those required by the company as a whole - take those on a one by one basis.

For example - IT purchase policy.  You want to try to standardize on one model/type of hardware with a standard software configuration.   This makes supporting those desktops a lot easier.  If you let individual departments determine what to purchase, then your support becomes much more difficult.

I work for a municipality, but the idea can be extended to the corporate world.  Let's say we let our Police and Fire departments each purchase hardware/software on their own.  What happens if they don't coordinate with each other?  Or agree with the best route to take?  Next thing you know, we are trying to support two completely separate systems that are supposed to communicate with each other - and most likely don't.  

However, I also need to be flexible enough to realize not every department is going to fit a standard mold.  The workstations needed for our Marketing department, who frequently create publications, flyers, work with large image files, etc., are completely different from those needed for most of our other employees in Finance, HR, etc.  So, set the generic configuration across the board at the typical user level - then beef up the machines for those positions that require something more.

The same idea goes for records retention, etc.  Set the policy at the corporate level, and the exceptions at the department level.  It really does make things much easier, rather than having 15 separate departments all going their own way without any common thread.

Hope that helps.

0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Great advice, thank you its much appreciated
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The Bounty Board allows you to request an article or video on any technical topic, or fulfill a bounty request to earn points. Watch this video to learn how to use the Bounty Board to get the content you want, earn points, and browse submitted bount…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now