93% of organizations reported a need to manage their policies

85% of organizations reported a need to manage their procedures or protocols

Organizations that were highly satisfied with their IT policies were 3.7 times more likely to be highly satisfied with IT when compared to those organizations that did not have high satisfation with their IT policies.

The pace of business has increased substantially in recent years. Policies often law, changing business and technology demands and compliance requirements.

Organizations need to be proactive in identifying how business changes and new technologies will impact the business in order to successfully manage policies. moreover, organizations need to predict and respond to how their employees will react to organizational and technological change.

Some employees don't care about restrictive IT policies, even if they are crucian for risk mitigation. A recent report from Fortinet found that 36% of respondents said they would use the cloud, even if such activity was prohibited by IT policies.

100% of respondents to a Synamtec security curvey indicated an extreme concern of loss of proprietary or confidential data.

Only 34% of these respondents have implemented any form of data loss prevention controls.

"A lot of employees are saying, 'This is the way I'm working now,' so a lot of these IT policies need to catch up"
-John Maddison, Vice President of Marketing, Fortinet Inc

Too few policies can leave our organizations susceptible to risk.

Too many policies can confuse employees and detract from compliance.

Complex or differentiated policy ownership is likely to cause behavioral inconsistency across organizational departments.

Policy managers must strive to find the right balance of operational efficiency and internal control.

Take a risk-based approach to policy management and create policies to address our greatest risks.

Too Many Policies:

• Redundant or Conflicting Policies
• Low Policy Awareness
• Wasted Effort in Developing and Maintaining Policies
• Unnecessary Bureaucracy

Not Enough Policies:

• No Expectations Set With Employees
• Inconsistent Employee Behavior
• Non-Compliance with Regulatory
• Requirements Unnecessary Exposure to Risk

We have an opportunity to improve our employee alignment and satisfaction, improve organizational agility, and obtain high policy adherence. This is achieved by translating our corporate culture into a policy-based compliance culture.

A compliance culture is a component of an overall corporate culture where elements of company culture are embedded in policy.

Not having a compliance culture can be costly! in 2015, Volkswagen faced fines up to $18 billion for allegedly cheating on its emission tests for new vehicles.

A compliance culture can be a competitive advantage - a corporate foundation of integrity and accountability increases employee satisfaction and customer confidence.

40% of organizations rated training employees on policies as one of their top three policy management challenges