Policies and Procedures
Why Are They Used?
A policy outlines rules and provides principles that guide the actions to be taken. It also sets out roles and responsibilities that can be held accountable.
You have followed policies all your life and may never have thought about it. For example, “No TV until homework is done” or “bedtime at 8 pm” are policies commonly laid down by parents. These are simple and easy to understand; consequences may include loss of TV privileges or no treats. Policies laid down in business and government will be more complex and have more serious consequences. For example, an insurance policy is a very detailed agreement between you and the insurance provider.
A policy may also be a collection of policies; an IT security policy will have other policies pertaining to it. Any new employee will be expected to read and sign an acceptable use policy before using company assets. It may also include a policy on the use of personal devices. Knowing and understanding an organization's policies is vital to operations, and most companies will have many of them. A good practice is to have a detailed knowledge of the policies relevant to your roles and responsibilities, and to be aware of other policies and know where to seek guidance on them, as they are often interlinked.
Common Policy Examples
Acceptable Use Policy (AUP)
This is a document that stipulates what a user can and cannot do on a corporate, university, or internet service provider (ISP) network and/or internet access. The user agrees to the terms laid out by the policy to gain access to the network. A code of conduct governs the behavior of the user while using the network/internet provided to them, such as no social media or adult content. These policies should outline the consequences if a user violates this agreement, for example, loss of internet privileges or suspension of the account.
Service Level Agreement (SLA)
A service level agreement lays out a set level of commitment between a service provider and a customer. For example, an internet service provider or cloud provider will include a service level agreement when you take out their services. This will dictate the services provided, performance levels, resolution response times, and repercussions if the service is not provided.
Bring Your Own Device (BYOD)
This is a policy that outlines the usage of a personally owned device on a corporate network, such as a laptop or mobile phone.
Memorandum of Understanding (MOU)
A Memorandum of Understanding is a document that formally outlines an agreement between two or more parties but is not legally binding. An MOU is usually a sign that a binding contract is imminent.
Standard Operating Procedures
A standard operating procedure (SOP) is a step-by-step set of instructions developed for a routine task. SOPs provide specific technical processes and techniques used to complete a set task. This ensures tasks are performed effectively and efficiently while reducing errors, miscommunication, and failure to comply with regulations. If all members of a team or organization use the same SOP, this creates uniformity within the organization. An SOP can be written for almost any task and is periodically reviewed and developed. Any SOP should be tested prior to being put into practice. Once in practice, SOPs should be easily accessible throughout the organization.
Standard operating procedures may have local or branch variations. This could be to comply with regulations in different areas, such as state laws in the US, or to include specific establishments that are local to your branch or office, potentially a local distributor. These variations do not detract from the set of instructions being used; they are the standard in your environment. You may often find that a head office will set the policy, but your local management will design the SOP. Good SOPs are designed with input from those using them to give a complete picture of the tasks they are outlining.