Introduction
Make no mistake about it: a thorough understanding of the differences between policies and standards is essential to competitive resiliency, business continuity and the development of applicable, relevant policies for you and your organization.
Standards
From a generic point of view, standards usually originate from outside an organization.
In areas with no official standards or regulatory requirements, organizations are free to choose whether or not to voluntarily adopt the various standards and/or proposed standards (this is known as opt-in). In these cases, the degree of compliance can also vary considerably from one organization to the next.
Conversely, external factors such as the need to comply with legislation or industry-wide recommendations may conspire to force an organization to adopt specific standards.
Whenever legislation and/or other regulations are applicable, failure to comply with their provisions will ultimately result in the imposition of punitive penalties. Depending upon the breach, incarceration may result.
Policies
On the other hand, and in marked contrast to standards, policies generally originate from within an organization. The primary objectives and basic functions set out or proposed via the policy format are generally intended to deliver positive benefits whilst avoiding negative effects, at least from the organization's perspective.
Think of a policy as being a statement of organizational intent with the goal of formulating a deliberate plan of action to guide decisions and achieve rational outcome(s). As such, the term may apply to government, private sector organizations and groups, as well as to individuals.
Policy-Based Decision Making
The term “policy” is also used to refer to the process of making important organizational, management, financial and administrative decisions. This includes the identification of different viable alternatives such as processes, programs, projects or spending priorities. These alternative options are considered to form a pool of possible solutions from which the final selection will come.
One area where adherence to policy has considerable impact is in the making of a selection from this pool of possible solutions, particularly when many of the candidates in the range are more-or-less equal prospects. In these situations, company policy will often act as the “tie-breaker” by influencing or even dictating which option wins, clearly defining and delineating the criteria for selection in each instance.
So, generically speaking, company policy aims to facilitate the rapid attainment of specifically defined, explicit goals while preserving organization-wide consistency.
Policy Compliance
Compliance with corporate policy is generally not negotiable, and the individual at fault will generally experience some form of penalty. The type of penalty will vary from one organization to the next. The ultimate penalty for non-compliance with organizational policies would be termination of employment.
Policy Goals, Objectives and Targets
The possibilities here are endless, so to provide a “big picture” view of policies, I will make special note of a couple below. Some of the reasons for developing a policy include:
Exploitation - Policies may be created to improve an organization's capacity to exploit the positive benefits (from their perspective) of any given scenario or situation as identified by that organization.
Mission Statement - Regardless of the type of policy being implemented, a clearly defined policy mission (mission statement) is always instrumental in maximizing a policy's capacity to perform and attain its goals.
Privacy - Privacy policies, such as corporate privacy policies, are widely used today and will generally include information pertaining to the collection, storage, updating, notification, security and eventual secure disposal of personal information.
Distribution Policies - Distribution Policies regulating the distribution and sharing of resources within the organization are another common type of policy to be found around the globe in a multiplicity of guises.
Security - Never forget the many elements of security. Policies will need to be developed and implemented concerning personal well-being, intruders, hackers, accidents, down-time etc.
Monitoring - Monitoring and evaluating the current policy status in order to determine whether or not your policy initiatives have been, or are, effective is critical to the success of your overall plan. You can also learn a lot about what to do and where change will have the most beneficial effects at the best dollar/benefit ratio. Policy adherence issues must be dealt with in real time as and where they arise.
Policy Management
Adopting a life-cycle approach to business policy management has the advantage of ensuring that all business policy can adapt proactively and rapidly in concert with the prevailing yet ever-changing business, political, social and regulatory climates, now and well into the future. One example of a widely accepted business policy management life-cycle is the Bridgeman/Davis Policy Life Cycle depicted below.

Policy Documentation
One fundamental aspect of policy and policy development that may be overlooked is the task of adequately and appropriately documenting the policy. This is true whether it be an organization-specific policy, an opt-in standards-based policy or a regulatory-required standards-based policy. Elements that must be included with all documentary policy statements include: