Skip to main navigation
Skip to main content

 

Related links

Related links

Global related sites

 

Policies and standards

Note: to be developed for subsequent versions to include property and construction aspects.

Purpose:

Policies and standards ensure that processes, procedures and deliverables are consistent and meet the needs of the business, while complying with current legislation. Some policies, such as equal opportunities, will also be partners and suppliers. Policies should be clearly communicated through all levels of an organisation detailing who responsible for each policy and what onus that places on individuals employed by the organisation.

Fitness for purpose checklist:

  • Is the policy clearly stated?
  • Is it clear who, within the organisation, is responsible for the policy?
  • Is it clear how the policy will be implemented?
  • What is the timetable for implementation?
  • Has best practice guidance been incorporated in the new policy?
  • How is the policy to be communicated throughout the organisation?
  • Is it clear who is affected by the policy?
  • Are all people employed by the organisation affected by the policy or is it just a discrete group?
  • Do partners and suppliers have to comply with the policy?
  • Is it clear what is required by the individuals in order to comply with the policy?
  • Is it clear what management structures are required to facilitate implementation, use and monitoring of the policy?
  • Is it clear what review process will be untaken to ensure the policy is working? 

Notes:
Example topics for policies and standards:

  • Enabling policies are those that aim to support, promote and encourage the deployment of effective information systems processes and services.
  • Restraining policies are those that aim to control or constrain the activities in the various parts of the organisation.
  • Examples of areas where you may need to introduce enabling policies are:
  • Central provision and allocation of resources, such as equipment, technical staff, software and services
  • Arrangements with suppliers, procurement procedures and contractual terms
  • The role of providers in the provision of support and training, and user documentation
  • The provision of common services, such as generic application systems to meet common requirements, to all parts of the organisation
  • Procedures for prioritisation of developments, the planning of a phased introduction of facilities to the organisation, and the implementation of pilot projects where relevant
  • The use of external services, such as consultants, database services and maintenance services
  • Policies for provision and monitoring of ergonomic aspects of IT systems, including the user interface
  • Procedures for system implementation and project management, such as use of the PRINCE methodology.
  • Examples of areas where you may need to introduce restraining policies are:
  • Requirements for compatibility and conformance with standards and guide lines on selection and use of software and document formats
  • Definition of procedures for disaster recovery, system security and systems audit
  • Standards and procedures for identifying, validating, storing and accessing shared information at work-group, business function or corporate level
  • Operating procedures for users of desktop facilities, including policies on local purchase and import of software, and exchange of data media
  • Procedures for on-line and off-line document storage, naming, retention, purging and archiving.
  • Information management - policy topics include:
  • Information and data ownership and sharing
  • EDM/ERM
  • Knowledge Management
  • External communication
  • Security
  • Interoperability
  • Business continuity
  • Publications policy
  • Policies for access, media, preservation/archive; audit
  • Security - policy document to include:
    -a definition of information security, its overall objectives and scope and the importance of security as an enabling mechanism for information sharing
    -a statement of management intent, supporting the goals and principles of information security
    -a brief explanation of the security policies, principles, standards and compliance requirements of particular importance to the organisation
    -a definition of general and specific responsibilities for information security management, including reporting security incidents
  • -references to documentation which may support the policy.

Source information:

  • Vision statement
  • Programme plan

Further information:

See the briefing on governance.

Print this page


OGC Gateway management reviews identify risks to programmes and projects and ensure that you deliver them on time and on budget. Government Relocation and Asset Management - streamlining the civil service and improving management of the civil estate. Centres of Excellence in programme and project delivery through your departments, agencies and non departmental public bodies. Programme & Project Management (PPM) Specialism helping developing careers. Key OGC products in the programme and project delivery chain include ITIL, PRINCE2, M_o_R and MSP.

Procurement policy supporting the implementation of European Union directives. Commodities, construction and facilities management procurement. Sustainable procurement. Efficiency Programme, eProcurement and eAuctions, improving supplier relationss and developing Best Practice, OGC works with the public sector to achieve efficiency, value for money and successful delivery of government projects. Expert advice, knowledge sharing by providing specialists, either as consultants or interim managers for your programme and project management.