IT Policy and Procedure Development Basics

Updated: June 14, 2010

The following items represent some of the benefits and goals that would be realized by a company implementing a set of IT policies and procedures.

Enhanced Security: Policies and Procedures governing changes to logical and physical security access that define request, review, and approvals, enhance security by creating an audit trail. This will ensure only approved access changes are implemented.

Improved Communication: Establish and document a clear, consistent Policies and Procedures and you will minimize the frustration end users feel when something goes wrong.

Managed Expectations: Policies and Procedures give employees security in what to expect. End users know roughly how long it takes to fix or replace a hard drive, how long it takes to order a new monitor, make a change to the website and what the approval process is for each request. They also know what activities are permitted and which ones are not. They know what software is supported, what software is tolerated but not supported, and what software is strictly forbidden.

Establish Measurable Goals: Policies and Procedures enable managers to establish benchmarks they can use to measure performance. This is typically referred to as the Service Level Agreement (SLA) and be both internal and external.

Legal Protection: If the worst happens and an employee or guest uses your computing resources to break the law or harass someone, a signed Acceptable Use Policy (AUP) can help minimize exposure and liability.

Acceptable Use: IT Policies and Procedures should include a fully developed and implemented Acceptable Use Policy (AUP). The AUP would state what activities are allowed and what activities are not allowed. It would state which software applications are approved or not approved.

Other areas that should be addressed by a comprehensive set of IT Policies and Procedures would include:

  • Establishing a central point of contact for user interaction
  • Setting minimum required information standards for error or trouble reporting.
  • Establishing proper resource utilization levels
  • Creating standard Problem Escalation guidelines.
  • Creating priority levels to guide impact levels and response efforts.

Related Categories
Featured Research
  • Securing Enterprise Information Technology

    In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more

  • Office365 Adoption eGuide

    Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more

  • Okta Directory Integration

    For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more

  • Top 8 Identity and Access Management Challenges with Your SaaS Applications

    With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more

  • Better BYOD with Pulse Secure and MDM Partners

    Learn how Pulse Secure and leading MDM product partners are transforming the way employees and IT benefit from the productivity and flexibility of BYOD — without compromising security or increasing management complexity. more