by John Bandler
"Internal rules" is my way of describing any rule an organization creates for itself and its employees. Internal rules are an important platform for organization management and governance (including management of digital assets for cybersecurity and privacy).
Many may use the term "policies and procedures" for this, but I like the term internal rules for a number of reasons, and it is one of the platforms in my framework for management. This article provides a landing point for this concept and links to related articles.
This is primarily in the context of information governance -- properly managing information assets such as computer devices, data, networks, and more. But these concepts apply across all areas of organization management.
Internal rules within the Three Platforms concept
I discuss these internal rules within the framework of my Three Platforms to Connect for compliance method, which visualizes how legal requirements, internal policy, and organization practice should align.
The three areas to consider for compliance analysis are:
- External rules: Laws and regulations
- Internal rules: Policies, procedures, and more
- Practice (or action): What is actually done
Then I introduced the Fourth Platform of Business needs, which brings organization mission and business needs into our conceptual diagram. Mission can include doing good to help individuals and society, earning revenue and business, obtaining donations or grants, surviving, thriving, and growing.
Internal rules can include:
- Verbal directions, unwritten rules, and organization culture (these are important but we need to recognize their limits and the potential for differing perception and recollection)
- Policies (general rules)
- Standards (more detailed rules)
- Procedures (highly detailed steps to accomplish a task)
- Guidelines (guidance, but not a rule)
- Other documents whatever their name, such as charters, plans, handbooks, manuals, etc.
Topics for internal rules can include:
- Incident response
- Conflicts of interest
- Employee rights and responsibilities in the workplace
- Documents on how to manufacture goods or provide services.
Written internal rules
Written internal rules include policies, procedures, and other governance documents. I discuss these documents in more detail in my article on policies and procedures.
Planning to create or improve internal rules
I created a helpful concept for organizations that are planning to create or update their internal rules and I discuss it in this article on internal rules planning. In sum, we first examine external rules, business needs, external guidance, and practice, and use them to create or improve our internal rules.
Building internal rules
I have reimagined the traditional policy and procedure rules pyramid into the "internal rules platform", and offer a concept helpful as we build our internal rules. I lay it out in this article.
Businesses need internal rules to fulfill their mission and comply with legal requirements.
This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.
If your organization needs help with improving its internal documentation and compliance with external rules, including regarding cybersecurity and protecting from cybercrime, feel free to contact me.
- Five Components for Policy Work
- Bandler's Three Platforms to Connect
- Bandler's Fourth Platform to Connect
- Policy and Procedure Research and References (I have researched and built out many articles on the topic and they are all listed here)
- Policies and Procedures (and other governance documents)
- Policies, Procedures, and Governance of an Organization
- Policy Checklist
- Internal Rules (this article)
- Internal Rules Planning
- Internal Rules Building
- Cybersecurity, Privacy, You, and Your Organization
- New York Cybersecurity Requirements and the SHIELD Act
- Cybersecurity review and improvement for your organization - a checklist
- Introduction to Cybersecurity and Information Security
- Cybersecurity Laws and Regulations Part 1 (general legal overview)
- Bandler's Free Starter Cybersecurity Policy
- Bandler's Four Pillars of Cybersecurity
This article is hosted at https://johnbandler.com/internal-rules, copyright John Bandler, all rights reserved.
This article is also available on Medium.com at https://johnbandler.medium.com/internal-rules-c2a225baaf1 (though not kept as up to date).
Originally posted 5/15/2022, updated 10/31/2022.