Five Components for Policy Work
by John Bandler
I have developed five components for policy work that organizations can consider when creating internal rules such as policies, procedures, and standards.
These concepts apply across all areas of organization management, though this article is written primarily in the context of information governance -- properly managing information assets such as computer devices, data, networks, and more. There is no shortage of external guidance on this topic.
The five components for policy work
As I have evolved these concepts, we can think of five main components to consider when doing policy creation or improvement.
Four are platforms and the fifth component is the more ambiguous "cloud" of external guidance.
We can view all five components together in this diagram, where we view everything from a top view perspective.
The five components are:
- Mission and business needs, the reason the organization exists in the first place.
- External rules: Laws, regulations, and other legal requirements.
- External guidance: Helpful and relevant voluntary guides to our policies and actions.
- Internal rules: Policies, procedures, and more (that currently exist).
- Practice: or action -- what is actually done.
The Four Platforms concept
We can view those four platforms with a nice front view and a little perspective, and the idea is that organizations conceptually align and build as needed these four platforms.
I lay out more details on each component in other articles linked to below.
Businesses need to build and improve their policies (internal rules) to aid in mission accomplishment, protect against cybercrime, and comply with legal requirements.
This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.
If your organization needs help with improving its internal documentation, incorporation of best practices, and compliance with external rules, including regarding cybersecurity and protecting from cybercrime, feel free to contact me.
- Five Components for Policy Work (this page)
- External Guidance
- External Rules
- Internal Rules
- Bandler's Three Platforms to Connect
- Bandler's Fourth Platform to Connect
- Policies and Procedures (and other governance documents)
- Policies, Procedures, and Governance of an Organization
- Policy Checklist
- Internal Rules Planning
- Internal Rules Building
- Policy and Procedure Research and References (I have researched and built out many articles on the topic and they are all listed here)
- Mission and Business Needs
- Practice and Action (coming someday?)
- Policy Project (planning and executing)
- My online course on security documents at Infosec Institute (coming soon). Link to my author page at Infosec.
This article is hosted at https://johnbandler.com/five-components-for-policy-work, copyright John Bandler, all rights reserved.
This article is also available on Medium.com at https://johnbandler.medium.com/five-components-for-policy-work-e4441f36fa55 (though not kept as up to date).
Originally posted 10/21/2022, updated 11/08/2022.