Tech Thursday: How To Develop a Unified IT Policy

Tech Thursday: How To Develop a Unified IT Policy


As your organization grows, you may find yourself growing from an IT department of one to working with a small team -- or more. With that growth will come the need to document processes and procedures that were previously ad-hoc, or “oral tradition” -- answers given in the moment in response to one-off questions.

Rather than coming up with answers on the spot, it’s better to have a central guiding document that can be used to inform your decisions. Even if your IT department is still small, having a policy document will help all of the members of your team to -- quite literally -- be on the same page, helping you to provide better, more consistent service to your users.

What Should an IT Policy Document Contain?

An IT policy document doesn’t need to be an overly complicated document, especially for smaller organizations. It should contain an overview of the structure or organization of the IT department, the services your department provides, and, most importantly, the standards and procedures that your department follows, both for day-to-day operations and new project implementations.

For example, is your organization covered by a government or industry regulation, such as HIPAA, PCI-DSS, or DFARS 7012? How your team makes sure that it is operating according to those regulations should be spelled out in your policy document.

How are changes to services or infrastructure designed, reviewed, and implemented? How do you communicate those changes to users? While making a change is simple now (“I just do it after-hours”), when your team starts growing, having a documented change control procedure in place will be indispensable.

IT Team Organization and Structure

How is your team organized? Who is in charge of day-to-day operations of the IT team? Who in the C-suite do you report to? While some of these questions may be outside your scope, it’s a good opportunity to work with management to get roles defined and operational questions clarified. As the organization grows, and people on your team come and go, having these roles defined will make hiring and training much simpler later on -- so put them in your policy document.

(Curious about which roles and personnel you need? We’re working on a series of articles on building an IT team -- stay tuned!)

Service and Support

The goal of the IT department is to provide technology services to facilitate the rest of the business. But which services? What level of support does your team provide -- and at what hours? While some of these questions are best answered in separate service level agreements (SLAs), the overall relationship of the IT department to the rest of the company should be well-defined in your policy document.

Do you have a help desk or support staff? How do users ask for help from you? Answering these questions and laying them out for the rest of the company will help you to get ready for growth while still providing good service.

After your policy doc is compiled, get it approved by your upper management. Make sure they understand how your IT department’s policies fit into the goals of the company -- and be prepared to make adjustments if directed. Then, have it circulated to other managers so that they can be on the same page as your team.

Of course, you’ll receive some requests that will run counter to your policy. How can you handle them without becoming the department of “no”? We’ll cover that in next week’s article.

E-N Computers is your IT partner. Our managed services are available to businesses in Washington, D.C., Maryland, and Virginia. Contact us today to find out how we can help you get your company ready for growth.