Implementing ICT Policies and Procedures

Efficient organization management requires the formulation of principles that will guide all employees. Along the confirmation that they are acquainted with the principles, employees gain the right to and responsibility for implementing the so adopted common principles. Rulebooks help increase productivity, decrease or even eliminate legal responsibility of the organization, set up organizational and individual framework of expectations from ICT and if necessary ensure the availability of needed resources.

The aim is to establish a controlled system of rulebooks and procedures that will help an organization set up its principles and run ICT organization in accordance with both business demands and the demands of regulatory bodies. The method is harmonized with the recommendations given by COBIT 4.1. and typically includes the following activities:

  • Analysis and documentation of a company’s strategies,
  • Analysis and definition of ICT organization’s strategy within a company,
  • Defining organization’s business objectives and ICT objectives, all in accordance with strategic objectives,
  • Defining the fields that need to be regulated by rulebooks (e.g. managing changes, upgrades, patches, user access rights, application development etc.),
  • Compiling the rulebook and procedures,
  • Material validation and verification with employees in charge,
  • Optional: establishing rulebook and procedures monitoring system.