Case Study Analysis
Prior to the first meeting of the RWW Enterprise Policy Review Committee, Mike
asked Iris to meet him in his office.
“You’ve convinced me that IT and InfoSec policy are tightly integrated,” Mike said,
motioning for Iris to sit down. “And you’ve convinced me that InfoSec policy is
critical to this enterprise. Since we are each members of the Enterprise Policy
Review Committee, I think we may want to coordinate our efforts when we bring
issues up in that group. You agree?”
Iris, who knew how important policy was to her program’s success, smiled.
“Sure, no problem” she said. “I see it the same way you do, I think.”
“Good,” Mike said. “We’ll work together to make sure the EISP you’ve drafted is
integrated with the other top-level enterprise policies. What we need to watch
out for now is all the cross-references between the top-level policies and the
second-tier and third-tier policies. The entire problem of internal consistency
between supporting policies is a problem, especially with getting the HR
department policies to integrate fully.”
Iris nodded while Mike continued.
“I want you to take the current HR policy document binder and make a wish list of
possible changes,” he said. “You should focus on making sure we get the right
references in place. If you can send me the change plan by the end of the
weekend, I will have time to review it.”