Process 3: Validate Policy
Figure 5. Validate policy
Activities: Validate Policy
In this process, policies must be validated with all stakeholders of the business. Because an organization’s policies may have serious legal implications, validation requires careful attention to detail. The following table lists the activities involved in this process. These activities include:
- Performing policy review.
- Reviewing comments and revising policies.
- Managing policy configuration.
Table 6. Activities and Considerations for Validating Policies
Activities
Considerations
Perform policy review
Key questions:
- Are these policies easy to understand?
- Do these policies correctly convey the vision and goals of the business?
- Do the policies enforce what you want enforced? Are they effective?
- Are these policies in conflict with any vision and goals of your department or area of responsibility?
- Will the structure of these policies last for at least two years?
Inputs:
- Policy review package
- Vision and goal statements of the business
- Business continuity plan
Outputs:
- Reviewed policies with comments
Best practices:
- Before sending policies out for review, make sure they’re ready for the reviewers to see.
- Establish focus areas for each reviewer or group of reviewers.
- Make sure that policies remain relatively static over time; procedures may change more frequently to reflect modifications to processes, technologies, and organizations.
Review comments and revise policies
Key questions:
- Are the comments sufficiently valid to warrant a policy change?
Inputs:
- Policy review package with reviewer comments
Outputs:
- Revised policies
Best practices:
- Prior to the review, decide whose input you absolutely need and whose is optional. Additionally, determine the criteria regarding when an entire team must be involved in a review.
- Establish criteria about what types of issues are important enough to change.
Manage policy configuration
Note: Policies should be managed through your organization’s change control process.
Key questions:
- Are these policies under change control?
- What is the maintenance and review process to be used?
Inputs:
- Reviewed and approved policies
Outputs:
- Completed and controlled policies
Best practices
- For more information on managing policy configuration, see the Change and Configuration SMF.
This accelerator is part of a larger series of tools and guidance from Solution Accelerators. |
Download |
Solution Accelerators Notifications |
Feedback |