Homework 04
Harrisburg University ISEM 547
IT Policy Procedures
Objectives
Policy, Procedure, Guidelines, Standards
When do you need a procedure
Creating Procedures Considerations
Guides to writing procedures
What are Policies, Procedures, Guidelines & Standards?
Policies are principles, rules, and protocols formulated or adopted by an organization to govern its actions.
Procedures are specific instructions to be used to implement policy requirements in a specific way; they are enforceable through the policy. Procedures are action oriented, factual and instructional.
Procedures are often integral components of policies, outlining the particular actions or steps needed to meet policy compliance requirements.
Guidelines are general rules, practices, and/or instructions that can be referenced to comply with policy; they are not enforceable but are recommended as best practices that should be followed.
Standards refer to something that is considered by an authority or by general consent as a basis of comparison (e.g., industry, protocols, academic, etc.).
Standards are often referenced in policies or can be used to frame a policy.
Creating Procedures
When do you need a procedure?
Not everything, and not every IT policy, needs a procedure.
The number-one rule of procedure writing is to make sure there's a reason to create a procedure:
Policies require that specific processes or protocols be followed for compliance
Staff forget to take certain actions, or they keep getting things wrong
Tasks are so long and complex that people need guidance on doing things right
Serious consequences result when a process is done wrong
When a process or situation demands consistency
A written procedure is necessary only if the issue is important or if there will be a significant benefit from clarifying a process or outlining specific actions required for policy compliance.
Procedures
Creating Procedures - Considerations
A good procedure requires understanding the process and the environment (the things that influence or integrate with the process).
Procedure documents will vary in specific features, based on the type of information that is detailed.
Effective procedure documents are those that have clear and consistent formatting so that readers know how to follow the material.
Paragraphs should begin and end without confusion, so that readers do not have to wonder where one step ends and another begins.
In describing steps, use strong action verbs and provide enough specificity and explanation to ensure that readers know exactly what to do.
Embed relevant icons, images, graphs/charts, flow charts, or tables in the procedures to guide and facilitate understanding.
Procedures
Creating Procedures - Considerations
The writing style for a procedure document should rely on clear and concise language.
All procedural information should be accurate, and any acronyms should be clarified; for instance, the "Food and Drug Administration (FDA)."
For a procedure document that will be in circulation for some time, avoid using specific information that might become outdated quickly.
Technical language and jargon that will be unfamiliar to most readers should be clearly defined (SaaS, DR, COTS, DDoS, MIPS, etc.).
Creating Procedures - Considerations
Effective procedure documents should be in outline format with clear headings, sub-headings, and labels (Diagrams & tables).
Those responsible for writing procedure documents are also responsible for reviewing them periodically.
If the information is not effective in helping employees or in attaining the desired outcomes, then the procedure should be revised and improved.
Creating Procedures - Considerations
Writing a procedure that is accurate, brief, and readable isn't always easy. But, with a bit of knowledge and practice, you can learn effective procedure-writing skills.
Well-written procedures help improve productivity and the quality of work within your organization.
Ensure that the people who need to use a procedure have not only read it, but also understand and have used it.
Validate the procedure before publication.
Creating Procedures
Creating Procedures – Starting Block
The key planning activity for writing effective procedures is to research and gain a keen understanding of the process that the procedure will document.
Have a clear understanding of the purpose, scope, objectives, circumstances, and target audience of the procedure
Research and collect information (consulting with subject matter experts, observe and interview process owners and process doers)
Creating Procedures – Starting Block
The procedure document should be derived from what you have learned from the planning phase.
Once the research and planning phase is complete, define the core functions being performed and the associated processes and sub-processes (e.g., inputs, outputs, steps, activities, logical sequencing, interdependencies, resources, location, etc.).
Integrate meaningful illustrative components such as process maps, flow-charts, outlines, examples, and value streams
Creating Procedures – Illustrations Helpful
Creating Procedures – Illustrations Helpful
Budget Schedule
| Item | Q1 | Q2 | Q3 | Q4 | Owner |
| Budget Analysis | x | x | x | x | CFO, COO, VPs |
| Budget Request | | | | | VP & Department Heads |
| Income Statement | x | x | x | x | Finance & Accounting |
| Sales Forecast | x | Sales & Marketing | |||
| Customer Analysis | x | x | Sales & Marketing | ||
| Staffing Analysis | x | Human Resources & Department Heads |
Creating Procedures – Illustrations Helpful
Business Systems Technical Specification Compliance Requirements
| Item | System 1 | System 2 | System 3 | System 4 | Owner |
| Technical Specification A | x | x | x | x | Security |
| Technical Specification B | x | x | N/A | x | Infrastructure & Operations |
| Technical Specification C | x | N/A | x | x | Applications |
| Technical Specification D | N/A | x | N/A | N/A | Help Desk |
| Technical Specification E | N/A | x | N/A | x | Enterprise Messaging |
| Technical Specification F | x | N/A | x | N/A | EDC |
Creating Procedures
Core Steps
Creating Procedures – Core Steps
Preparation:
Conduct research
Provide a purpose statement (why this procedure)
Provide an overview of the procedure
Identify prerequisite knowledge and skills, if any
Highlight any specific issues and other precautions
Define the list of resources, systems, equipment, supplies, or parts needed for the procedure
Creating Procedures – Core Steps
Writing Procedure
Define a logical sequence of steps and substeps
Define decisions and decision criteria
Ensure clarity and economy of words.
Write to the level of the reader's ability
Define unfamiliar terms
Include hints and helps
Add illustrations, analogies, models, charts, pictures, workflows, tables, or anything that will aid understanding of the process and steps involved
Creating Procedures – Core Steps
Validate
Walk through and/or pilot test your procedure. Obtain feedback and recommendations from the target audience during this step. Is it understandable, effective, complete? Does it produce the desired results?
Revise & Revalidate
Evaluate and incorporate the feedback and recommendations and then retest and validate. Finalize the procedure document.
Publish
Issue the procedure document and establish mechanisms to periodically review to determine accuracy and relevancy as things may change within the environment or policy.
Creating Procedures
Procedure Document Outline
Creating Procedures - Outline
Title page. This includes 1) the title of the procedure, 2) identification number, 3) date of issue and last revision, 4) the name of the agency/division/branch the SOP applies to, and 5) the owner and author(s) of procedure.
Table of Contents. This is only necessary if your procedure is quite long, allowing for ease of reference. A simple standard outline is what you'd find here.
Purpose. Define the reason and rationale for the procedure. Include applicable policies, standards, and/or regulatory requirements that may be associated with or driving the need for the procedure document.
Scope and applicability. Describe who shall follow the procedure, and how and when it is used. Include policies, standards, regulatory requirements, roles and responsibilities, and locations.
Creating Procedures - Outline
Overview. Provide a synopsis of the procedure and processes outlined in the document.
Methodology and procedures. The meat of the issue -- list all the processes and steps with necessary details, including resources, inputs, outputs, sequential procedures, decision criteria, approvals, exceptions, and relationships to business and/or IT operations.
Clarification of terminology. Identify acronyms, abbreviations, and all phrases that aren't common.
Resources. Complete list of what is needed and when, where to find systems, equipment, supplies, etc. (If required)
References. Be sure to list all cited or significant references. If you reference other SOPs, be sure to attach the necessary information in the appendix.
Appendix. Section to append additional support documentation (if required).
Procedures
Typically, under what circumstances do you require a procedure?
What are the core steps in creating a procedure document?
Why is it important to validate the procedure?
Does anyone use or occasionally refer to procedures in their work environment?
Group Discussion
Assignments
Chapter 8 (IT Managers Handbook)
Homework 3: IT Policy Management
Project 2:
Part A: Create an IT Governance Matrix
Part B: Create a Governance Charter for Enterprise Security Committee
Part C: Write an Information Security Policy for Data Classifications