ENTER: Five Steps for Governance Documents

by John Bandler

Organizations should be managed effectively and efficiently, for a multitude of good reasons.

As they do this, they will need governance documents --documents that help the organization manage itself. These are "internal rules" of the organization and include policies, procedures, standards, and more.

These sound principles extend beyond to all areas of organization management.

Governance is the process of how organizations manage themselves. No organization is the same, with variations in mission, size, decision making and implementation, history, people, culture, and more. Needless to say, there is wide variety on how organizations document their rules, and how they follow them. Every organization can improve, and good policies and procedures are helpful to guide organization and individual conduct.

ENTER is a helpful initialism for managing our policies and other documents

ENTER Five Steps for Governance Documents

Organization documents should be efficient, comply with external laws, properly direct organization action and aid with mission achievement.

In 2020 I came up with the ENTER concept and I have refined it periodically:

  • Evaluate the five components of policy work (mission, external rules, external guidance, practices, existing internal rules)
  • Newly create or update governance (policy) documents
  • Train 
  • Ensure practice follows policy
  • Review and update periodically

Let's examine each.


The organization should evaluate a host of criteria including circumstances and existing documents. Consider:

  • External rules (laws and regulations) and how they apply to the organization
  • Compliance with these laws
  • Protection of the organization from risks (including cybercrime and legal risks)
  • Prioritizing risk management
  • Mission and business needs
  • External guidance
  • Prioritizing document update and creation

The organization can consider my Five Components for Policy Work during this evaluation.Bandler’s Five Components for Policy Work – All

Newly create or update

Next the organization should plan to newly create or update governance documents such that they:

  • Comply with external rules
  • Help the organization accomplish the mission and business needs
  • Are clear, consistent, understandable, and helpful
  • Are efficient and effective (not shelf-ware).


Next, the organization should train all members of the organization (from the newest hire to the CEO) on the governance documents.

There are options for this training, a variety of forms and degrees of formality.

The organization should consider obtaining acknowledgements from employees that they have read and will abide by the new or updated policy.

Ensure practice follows policy

Then, the organization should ensure practice (action) follows the policy. In other words make sure that the organization and individuals within it are complying with the rules. If it is not complying, then corrective action should be taken as appropriate to achieve compliance. (If review indicates that the rule is not practical and cannot or should not be complied with, then the rule should be changed).

Review and update

Finally, organizations should review and update policies and practices periodically, and evaluate the need for an update, changes, and new policies. Occasionally documents should be retired.

Governance documents are important

Governance documents are important, with legal significance. They should never be slapped into place quickly, and thoughtless "copy and paste" can cause lasting damage to an organization.

Organizations should banish these thoughts or statements:

  • “We need to get a policy in place quickly so we have it and can show [insert name]. But we don’t really need to follow it.”
  • "We have good policies on paper, but we don't really follow them."

Other concepts

Bandlers Three Platforms to Connect simple

My Three Platforms to Connect for compliance concept guides how governance documents fit in with laws, regulations, and the practice of the organization. The three areas to consider are:

  • Laws and regulations (external rules)
  • Policies, procedures, and other internal rules
  • Practice, action, what is actually done by the organization and its people.

These three platforms should align, organizations should reduce and "watch the gap".

Then, the Fourth Platform to Connect adds mission and business needs, since organizations do not exist just to comply. They need to earn revenue, do good and help individuals and society by providing a necessary service or product.

Bandler's Four Platforms to Connect (L-shape)

And you read about my Five Components for Policy Work, which adds external guidance.


Good management of an organization requires appropriate documentation that aligns external rules with organization practice and promotes efficiency and compliance. ENTER is a handy acronym to help you think about your policy work.

Bandler’s Five Components for Policy Work – All

This article is for your information and learning, and of course is not tailored to your circumstances, nor is it legal or consulting advice. It also contains my opinion and perspective.

If your organization needs help with improving cybersecurity and protecting from cybercrime, creating or improving policies, and complying with cybersecurity related laws and regulations, contact me.

Additional reading

This article is hosted at https://johnbandler.com/enter-five-steps-for-governance-documents, copyright John Bandler, all rights reserved.

This article carves out my "ENTER" concept from my 2020 article: Policies, Procedures, and Governance of an Organization.

This article is also available on Medium.com at (not yet) (though not kept as up to date).

Originally posted 10/31/2023, updated 3/16/2024.