Wednesday, April 22, 2009

The Purpose of Policies and Procedures (Key #1: Good Policies and Procedures) - Highlights of chapter 7 of the second edition of Information Nation

The first of the Seven Keys to Information Management Compliance is good policies and procedures. Organizations must develop and implement policies and procedures designed to ensure that its Information Management Compliance responsibilities are addressed and its obligations are met.

Policies and procedures have a critical role in an Information Management Compliance program. They provide clear guidance to employees as to what their IMC obligations are, which can be a significant challenge in large organizations. They affect the corporate culture and provide consistent guidelines for employee behavior that last beyond the residency of a particular manager or executive.

Good policies and procedures also make a statement to the world that the organization is committed to addressing Information Management issues. If an organization can demonstrate to an investigator, regulator, court or even the media that they had a policy in place and trained employees to follow the policy, then isolated failures are much more likely to be seen as individual accidents rather than organizational failures.

Compliant Information Management policies and procedures can also help organizations avoid liability for their employees’ actions. The second edition of Information Nation, available from John W. Wiley & Sons, contains several scenarios in which good policies and procedures can mitigate employees’ bad actions. For more information, see

Comments? Contact the author at

No comments: