Business Standards and Policies

Introduction

Make no mistake about it; a thorough understanding of the differences between policies and standards is oh so essential to competitive resiliency, business continuity and the development of applicable, relevant policies for you and your organization.

Standards

From a generic point-of-view, standards usually originate from without an organization.

In areas with no official standards or regulatory requirements organizations are free to choose whether or not to voluntarily adopt the various standards and/or proposed standards (this is known as opt-in). In these cases the degree of compliance can also vary considerably from one organization to the next.

Conversely external factors such as the need to comply with legislation or industry-wide recommendations may conspire to force an organization to adopt specific standards.

Whenever legislation and/or other regulations are applicable failure to comply with their provisions will ultimately result in the imposition of punitive penalties. Depending upon the breach incarceration may result.

Policies

On the other hand and in marked contrast to standards policies generally originate from within an organization. The primary objectives and basic functions distributed and/or detailed/proposed via the policy format are generally intended to deliver positive benefits whilst avoiding negative effects at least from the organization’s perspective.

Think of a policy as being a statement of organizational intent with the goal of formulating a deliberate plan of action to guide decisions and achieve rational outcome(s). As such the term may apply to government, private sector organizations and groups, as wells as to individuals.

Policy-Based Decision Making

The term “policy” is also used to refer to the process of making important organizational, management, financial and administrative decisions. This includes the identification of different viable alternatives such as processes, programs, projects or spending priorities. These alternative options are considered to form a pool of possible solutions from which the final selection will come.

One area where adherence to policy has considerable impact is in the making of a selection from this pool of possible solutions particularly when many of the candidates in the range are more-or-less equal prospects. In these situations it is often the case that company policy will act as the “tie-breaker” by influencing or even dictating which option wins by clearly defining and delineating the criteria for selection in each instance.

So it is; that generically speaking, company policy aims to facilitate the rapid attainment of specifically defined explicit goals while preserving organization-wide consistency.

Policy Compliance

Compliance with corporate policy is generally not negotiable and the individual at fault will generally experience some form of penalty. The type of penalty will vary from one organization to the next. The ultimate penalty for non-compliance with organizational policies would be termination of employment.

Policy Goals, Objectives and Targets

The possibilities here are endless so to provide a “big picture” view of policies I will make special note of a couple below. Some of the reasons for developing a policy include:

Exploitation – Policies may created to improve an organization’s capacity to exploit the positive benefits (from their perspective) of any given scenario or situation as identified by that organization

Mission Statement – Regardless of the type of policy being implemented a clearly defined policy mission (mission statement) is always instrumental in maximizing a policy’s capacity to perform and attain its goals.

Privacy – Privacy policies such as corporate privacy policies are widely used today and will generally include information pertaining to their collection, storage, updating, notification, security and eventual secure disposal.

Distribution Policies – Distribution Policies regulating the distribution and sharing of resources within the organization are another common type of policy to be found around the globe in a multiplicity of guises.

Security – Never forget the many elements of security. Policies will need to be developed and implemented concerning personal well-being, intruders, hackers, accidents, down-time etc.

Monitoring – Monitoring and evaluating the current policy status in order to determine whether or not your policy initiatives have/are effective is critical to the success of your overall plan. You can also learn a lot about what to do and where change will have the most beneficial effects at the best dollar/benefit. Policy adherence issues must be dealt with in real-time as and where they arise.

Policy Management

Adopting a life-cycle approach to business policy management has the advantage of ensuring that all business policy can proactively adapt rapidly in concert with the prevailing yet ever changing business, political, social and regulatory climates now and well into the future. One example of a widely accepted business policy management life-cycle is the Bridgeman/Davis Policy Life Cycle depicted below.

Policy Documentation

One fundamental aspect of policy and policy development that may be overlooked is the task of adequately and appropriately documenting the policy. This is true whether it be an organization specific policy, an opt-in standards-based policy or a regulatory required standards-based policy. Elements that must be included with all documentary policy statements include:

Policy Purpose Statement – Why the policy is being implemented & what it is supposed to achieve

Policy Scope Statement – Who and what the policy affects as well as any express exclusions relating to specific individuals, organizations and/or actions

Policy Time Statement – When the policy takes effect, its intended period of tenure and when it is scheduled for updating and/or termination

Policy Responsibilities and Obligations Statement – identification of who is responsible for what along with clear and unambiguous identification of governance structures

Policy Effect Statements – The specific organizational standards, regulations, requirements, modifications and/or behaviors that the policy is intended to address or create

Policy Change and Change Management Statement – The formal declaration of accepted process and procedure for the instigation of change to or of policy

Policy Background Statement – The origins, reasoning, motivation, and historical perspective for creating the policy in the first place. Any underlying, extenuating or extrapolated process will be clearly identified and stated here.

Policy Milestone Statement – Clearly defined and listed stages at which the policy is deemed to have progressed throughout its life-cycle. Many milestones will therefore be used for the purpose of providing management with the metrics by which they can determine the progress of the development or current life-cycle status of the policy. Milestones will also feature prominently in policy sign-off statements and the policy sign-off pages or policy sign-off documentation (if separate to the remainder of policy documentation).

Policy Definitions and Terminology Statement – Clear and unambiguous definition and explanation of the terminology, concepts, methodologies and processes contained within the policy

Policy Life-Cycle Statement – Detailed presentation of the specific policy life-cycle model applicable to the policy. Clear and unambiguous statement of all terms conditions and processes applicable to the policy during each and every stage of its life-cycle and development.

Policy Sign-Off Statement – Provision for formal signature sign-off as the policy progresses through each of its life-cycle stages. Some of the milestone points where authoritative sign-off will be required will include initiation, identification, design, drafting, revision, re-evaluation, approvals, implementation, maintenance, continuing review redevelopment, redrafting and change implementation and eventual replacement and/or decommissioning.

Policy Milestone Sign-Off Page Statement – Provision of a formal sign-off page(s) intended for use as that section of the policy document where the required signatories must formally apply their signature to indicate currency and formal acceptance.