Proactive
not reactive
Business-as-usual activities are more challenging when policies are managed reactively
64% of organizations who managed policies reactively rated project execution as fair or poor.
Likelihood of being satisfied with IT increases when we are satisfied with our IT policies
Without proactive policy management, responding to change is nearly impossible
The pace of business has increased substantially in recent years. Policies often law, changing business and technology demands and compliance requirements.
Organizations need to be proactive in identifying how business changes and new technologies will impact the business in order to successfully manage policies. moreover, organizations need to predict and respond to how their employees will react to organizational and technological change.
Some employees don't care about restrictive IT policies, even if they are crucian for risk mitigation. A recent report from Fortinet found that 36% of respondents said they would use the cloud, even if such activity was prohibited by IT policies.
"A lot of employees are saying, 'This is the way I'm working now,' so a lot of these IT policies need to catch up"
-John Maddison, Vice President of Marketing, Fortinet Inc
Right-size our policies to maximize our policy utility
Too few policies can leave our organizations susceptible to risk.
Too many policies can confuse employees and detract from compliance.
Complex or differentiated policy ownership is likely to cause behavioral inconsistency across organizational departments.
Policy managers must strive to find the right balance of operational efficiency and internal control.
Take a risk-based approach to policy management and create policies to address our greatest risks.
- Redundant or Conflicting Policies
- Low Policy Awareness
- Wasted Effort in Developing and Maintaining Policies
- Unnecessary Bureaucracy
- No Expectations Set With Employees
- Inconsistent Employee Behavior
- Non-Compliance with Regulatory
- Requirements Unnecessary Exposure to Risk