How to Write an Effective IM Policy

In the recently published report “Information Governance 2016: The State of Enterprise Information (Part 1),”(i) it is stated that the majority of policies and procedures are ineffective.

In light of this, here’s a checklist of best practices for effective policies:

  • Make sure that your policy is the foundational piece for the information management program in your organization
    Ideally, your policy should:
    • Establish that creating, using, sharing, and managing information is essential to the organization;
    • Detail the intentions that will underpin the information management program;
    • Provide a mandate for your organization’s information management professionals; and
    • Specify the suite/framework of supporting documents (procedures, standards, implementation guides, business rules, etc.).
  • Decide on your policy structure, but remain flexible
    Likely, you will need a whole policy suite/framework to establish all of principles and best practices for your organization. Decide early on if you plan to have a policy supported by directives, standards, implementation guides, and/or procedures. However, remain flexible in case the chosen structure doesn’t fit your organization once you begin writing.
  • Do research
    Do an environmental scan and research what other organizations (TBS, other government departments, other governments, etc.) have for information management policies. No need to reinvent the whole wheel when others have gone there before! There are many awesome resources available, such as all the documentation from local leader Lewis Eisen on the perfectpolicies website, the State Archives & Records of the New South Wales Government, international standards like ISO 15489-1, and the toolkit resources from Archives New Zealand.
  • Keep it high level
    Leave the details for your supporting suite/framework and keep your policy simple and brief! The importance of using clear and plain language cannot be overstated. In addition, policy should not bully its way to compliance; respect your audience.
  • Be cognizant of the policy environment of your organization
    Be consistent with the structure of other policies in your organization. Instead of detailing the same best practices that are detailed in a more authoritative policy (i.e. a policy on information security), reference that policy instead. If the other policy changes, your policy will still be up to date because it doesn’t repeat what the superseded policy stated.

I’d like to hear any other tips for beating the statistic and writing effective policies. Share your thoughts and happy policy writing!



Leave us a comment: * Your information is never shared