|
|
|
|
|
|
The 3 Ps Policy, Process, And Procedure
|
By: Sherief M. Farid
Putting it all Together “IT Governance”
We will discuss the 3Ps and emphasizing on how great they are. A Policy is defining the rules, a Process is taking control and a Procedure is an acronym for success.
We have seen how they work together to provide us with an efficient way of managing our IT environment. The following diagram summarizes the relationships between the 3 Ps.
A Policy is defining the rules, a Process is taking control and a Procedure is an acronym for success:
As we can see in the diagram, it all starts with a set of Policy Documents that define the rules. From the Policy Documents and how the IT business is currently managed we can develop a set of Processes. Finally, to furthermore describe how the work should be done, the Procedure Documents will be created. Please note that in some cases there can be a procedure that is shared on several (or all) processes.
There is a new term that I would like to introduce today which is “IT Governance”. IT governance is a subset of cooperate governance. It is defined as, “The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organization." We can simply say that IT Governance is the 3Ps.
Now the big question is “HOW”, how can I implement IT Governance on my organization?
I have five basic rules that I always use when attempting to implement IT Governance (or parts of it). These rules are:
1. Top Management Sponsorship is mandatory for the success of implementing IT Governance at any level. Without Top Management Sponsorship you will not get your team to buy in for the project or cooperation from other departments within the organization.
2. IT Team to Buy-in. Getting your team to realize the importance of IT Governance will ease the process, as most of the work on it will come from their cooperation.
3. A Pilot project is a good starting point. Never attempt to tackle the whole environment at once. Start with a simple everyday use like User Account Administration. Create the set of IT Governance required for creating and administering Users, implement them for a month and then review the results. This will give you an idea of how your organization will handle the change.
4. Review and Update. With the Pilot project, start putting down a process for reviewing and updating different components of your IT Governance Pilot. Test the process on the Pilot and record your results. This will assist you get a method for IT governance update once you start the full implementation.
5. Initiate an audit process. If your organization does not have an internal audit group, form your audit committee and start auditing the pilot as it runs. After full implementation, you can use the same process after refinement to audit your operations internally.
Many people ask do we have to create the whole IT Governance from Scratch. My answer is no, Why re-invent the wheel? Several Best Practices have been developed (and some are published for free) that you can use as a baseline for your own IT governance.
The IT Infrastructure Library (ITIL) is the most widely known and accepted Best Practice.
There is the Microsoft Operations Framework (MOF), which is a superset of the ITIL which will be very useful if your infrastructure consists of Microsoft Technologies and Solutions.
Furthermore, there is the Control Objectives for Information and related Technology (COBIT) which is more IT Auditing-oriented.
I hope I was able through this series to introduce you to IT Governance or the 3 Ps.
Posted by ROOT Technologies
|
|
|
|
|
