Document project management

by John Bandler

Document project management is the process of managing a document project. Document projects should be managed well.

A project is work that has a start and end to accomplish a goal, make some improvements, deliver a "deliverable".

A document project is when that deliverable is a document.

Compare a project to "operations", which is normal, ongoing business of an organization (without a start or end).

Some people and organizations may tend towards one or more of these extremes:

  • No management process at all (disorganized, chaotic, confusing, and inefficient)
  • Excessive bureaucracy and approvals (cannot get anything done or make any progress)

The key is to find the right degree of project management process. Remember that projects are about the journey and the destination (not just the deliverable/destination)

Document project management steps

Every organization is different (as are the people within them) and every document project is different.

Some considerations are what type of document is needed (consider my Five Components for Policy Work) and whether any of the work will be outsourced and use external attorneys or consultants.

Still, these are some

  • Planning and scoping
  • Obtain and read John's book, Policies and Procedures (optional but helpful!)
  • Organization internal approval for project
  • Hire external expertise if desired/needed (attorney/consultant)
  • Start of project
  • Establish project team
  • Brainstorming and reviewing scope
  • Assess Five Components for Policy Work
    • Laws and regulations (external rules)
    • Existing policies and procedures (internal rules)
    • Practices and action
    • Best practices (external guidance)
    • Mission and business goals and needs
  • Assess ENTER: Five Steps for Governance Documents
  • Identify approving authority
  • Review cycles
    • General and big picture
    • Threshold issues
    • Individual issues
    • First draft
    • Subsequent drafts
    • Near final drafts
  • Maintain version control
  • Submit for approval
  • Gain approval
  • Finalize documents as approved
  • Circulate approved documents, incorporate into organization libraries, etc
  • Train, obtain acknowledgments, etc.
  • Closing and completion of project

Within the project you want to create many mini-phases or milestones, adapted to your project.


This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

This is to inform and you assume all risk for cybersecurity decisions you make. This is an introduction and more can be written on this topic.

I may explain nuances further in other articles, or one of my books. Other experts may have differing opinions.

Ask ten different experts in law, IT, or IS, you will get ten or more different definitions for a term, and as many different recommendations for cybersecurity posture. Cybersecurity is about decisions and risk management.


Good project management is important for documents.

It is not just about the result, the final document. It is about the journey and the process.

If your organization needs help with improving its internal documentation and policies and procedures, feel free to contact me.

Additional reading

This article is hosted at, copyright John Bandler, all rights reserved.

This article is also available on at NOT YET (though not kept as up to date).

Originally posted 2/11/2024, updated 2/11/2024.