Setting IT User Policies That Work
- 01 August, 2012 14:15
The wave of new age technologies that are invading the enterprise hasspurred the debate on who sets IT user policy and how organizations cancontrol it. Richard H. Thaler, a Professor of Behavioral Science and Economics, in his paper- "Test, Adapt, Learn: Developing Public Policy with Randomised Controlled Trials" cites two principles that help policymakers create good policies that work for normal people:
- If you want to encourage some activity, make it easy.
- You can't make evidence-based policy decisions without evidence.
"These are exactly the principles that CIOs should apply when making decisions and rolling out a workforce technology, be it a social business and collaboration strategy, hardware refresh, tablet deployment, teleworking strategy, desktop virtualization program, or anyother technology program that touches a lot of employees," writes Ted Schadler, Vice President, Principal Analyst at Forrester Research in hisblog.
Be it full-fledged enterprise mobility or accessing corporate e-mail over the phone, there needs to be a specific set of rules and guidelinesincorporated in the user policy that defines who gets to do what, when and where. The conversation titled ' Who Sets IT User Policy? A CIO Power Panel Discussion' at the Computerworld IT Roadmap event held across the three cities of Bangalore Mumbai and Delhi threw up multiple points of view on the ownership of the policies, the implementers and how to gain maximum compliance.
While creating an effective IT user policy falls under the domain of IT, Sudhir Reddy, CIO, MindTree believes that it is not the sole responsibility of IT. "While a large portion of the responsibility restson the shoulder of IT, policy building is a very collaborative and consultative effort," he says.
Sunil Mehta, Sr. VP & Area Systems Director- Central Asia, JWTconcurs, "User policies cannot be developed by IT in isolation and willhave to be a consultative process with the departments involved. IT cannot the big daddy of the organization and dictate terms for everything".
The development of user policy is a balancing act since there are internal stakeholders other than the CIO within the organization and there are customers and external partners. Ranga Raj, CIO, CelStream states, "Organizations need to look at what makes sense keeping in mind the strategies of all parties involved".
Once the user policies are built collaboratively it needs to be communicated to the employees in an easily understandable format. The onus of ensuring user compliancedoes rest with IT. "Even though the development of the policy is a consultative effort, IT still owns it. There will be instances where IT will have to put its foot down and decide the course of action," says Guruprasad Murty, VP-IT & IS, Microland.
Mehta feels that, as the custodian of corporate data, it becomes the responsibility of IT to create the user policies in a way that the users are motivated to follow the guidelines. "We crunch our policies into 5 action points and send those to users along with the detailed policy document that is attached for their reference," he adds.
Organizations are also grappling with the problem of attrition that adversely affects today's enterprises. Almost as soon as the organization trains a batch of its employees some of them decide to leave and new ones take their place. "This necessitates continuous training and awareness programs for the employees," says Neena Pahuja, CIO, Max HealthCare.
User policies, however, aren't things you could develop once and forget about. With evolution in the technology space, the policies too will need to transform.
Technologies, ecosystem and people change. So the user policy has to be a constantly updated document and refreshed with the latest that impacts us," states Ranga Raj.
But even a constantly updated policy that is easily understandable fails to gain traction with employees if the senior management does not set the right example. "We roll out our policies top down and make sure we set the right example in terms of complying with the user policies and then it is filtered down the line," says Mehta.
Vijay Sethi, VP & CIO, Hero MotoCorp also believes in leading by example. "If there are any guidelines that any one in the top management feels uncomfortable about, then it is scrapped for everybody," he says.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
U.S. retailers insist on PIN requirement in smartcard rules
Yelp speeds database access with flash storage
Thanks a million, Drupal
OS upgrades: Cheap is better than pricey, free is better than cheap
Amazon vs. Google vs. Windows Azure: Cloud computing speed showdown