Policy
3.2 Document TypesA policy is only as effective as the readers ability to understand its content and the value of acting accordingly
What is a policy?
Definition
A formal statement that outlines ambitions, rules, principles, and expectations established by an organisation guide decision-making and behaviour
Purpose
To provide clear guidance, promote consistency, accountability, and compliance within an organisation
A Policy is a top-level document stating an intent through a formal statement as well as scope, accountable organisation, high level rules, expectations on employees and other related statements.
Sensitivity
One thing that sets Polices apart from the other asset types is that they with benefit should be written and documented in such a way that they open for public sharing. Policies are often requested as part of procurement and it is good practice to publish Policies on the external website. There can of course be exceptions that are not suitable for public publishing.
Accountability, Responsibility & Lifespan
The Ownership layer is accountable for policies. The accountability includes the approval of policies as well as the utmost responsibility that the policies are appropriately designed and implemented to an acceptable level.
Policies are a way for the owners to clarify how the organisation shall operate on a high level through statements, rules, principles, expectations and responsibilities.
Responsibility
The Leadership layer is responsible for maintaining, implementing the policies in practice and suggesting improvements.
The policies provide clear guidance for leaders and employees what is important, what is allowed and not allowed, who is responsible and in general the owners expectations on how the organisation should operate.
Lifespan
A Policy is a document that typically has a long lifespan over many years. However, it should be reviewed and updated regularly to ensure it continues to be relevant over time and reflect the organisational direction.
Good practice is to review policies at least once per year.
Typical Content
The format and content of a policy can vary depending on scope and context, but good starting point is:
The title should be clearly stated and as aligned with best-practice and standards to make it easy for both internal and external stakeholders to understand its content and purpose.
Policies must be strictly controlled. This means that information such as:
- Effective date (from when the document is in affect)
- Document owner (accountable role and approver)
- Sensitivity (public, internal, confidential or equivalent)
- Version history (summary of previous versions and changes)
The introduction should state what area or topic the policy covers as well the purpose of the document.
The scope should define who or what is affected by this policy. In a corporate group setup, some policies might not affect all subsidiaries.
The policy statements should clearly reflect and describe the owners will on the area or topic. It should guide leaders and employees to act and perform tasks in such a way that is aligned with the owners will.
The responsibilities that is expected on leaders and employees in relation to the policy statements. Typically the management team is responsible to allocate resources to enable awareness, ensure execution accordingly and compliance. States Employees are typically expected to adhere to the policy and report deviations.
It should be stated how often the policy should be reviewed, unless stated in general for all policies (which is good practice).
It should be stated that observed deviations or violations should be reported and how deviations and violations should be managed.
By having a clear, crisp and unified structure and way of working for all policies, the overall usability of policies becomes much higher. It is easier to create, review, implement and find the relevant information.
Policies are an important part of a lot of assets and sets the foundation for the asset structure.
Next Step
Read more about the second type of document, the Standard…