PO06 Process Description

1. Description

Policies and standards (to translate the strategic options into practical and usable user rules) established and communicated to the Client organizations.

2. Service Activities

Information control environment: maintain an awareness program fostering a positive control environment throughout the Cluster,
Policy Communications: ensure that organizational policies are communicated to and understood by all levels in the organization,
Policy Maintenance: Policies should be adjusted regularly to accommodate changing conditions. Policies should be re-evaluated, at least annually or upon significant changes to the operating or business environment, to assess their adequacy and appropriateness and amended as necessary,
Quality commitment: Maintain a quality philosophy, policies and objectives which are consistent with the corporate philosophies and policies,
Security and internal control framework: maintain a framework policy which establishes the organization's overall approach to security and internal control,
Intellectual property rights:maintain a written policy on intellectual property rights covering in-house as well as contract-developed software,
Policy Issuance: maintain issue-specific policies to document management decisions in addressing particular activities, applications, systems or technologies,
IT security awareness: an information technology security awareness programme should communicate the information technology security policy to each information technology user and assure a complete understanding of the importance of information technology security.

3. Key Goal Indicators

Percent of IT plans and policies covering mission, vision, goals, values, and code of conduct which are developed and documented
Percent of IT plans and policies which are communicated to all stakeholders
Percent of the organization that has been trained in policies and procedures
Improved measure of user awareness based on regular surveys
Number of policies and procedures addressing information control

ebc Service Commitments

review of the EBC web site, including proposal on EBC Intranet use for SMT review, business case, development and execution of implementation plan,
a plan for and delivery of ongoing stakeholder education/marketing communication about work undertaken by EBC for both internal staff and our clients, aligned with Stakeholder Education program,
development and implementation of internal ebc Cluster logo, for presentation and consistent communications messaging,
planning and executing the cluster participation at Showcase 2003, with effective participation from across the cluster ministries

4. Key Performance Indicators

Percent of projects using the standard IT investment and budget models
Percent of projects with business owners
Months since last review of budgets
Time lag between deviation occurrence and reporting
Percent of project files containing investment evaluations
Number of projects where business benefits are not verified post-facto
Number of projects revealing investment or resource conflicts after approval
Number of instances and time-lag in delayed use of new technology

ebc Service Commitments

5. Critical Success Factors

Policy enforcement is considered and decided upon at the time of policy development
A confirmation process is in place to measure awareness, understanding and compliance with policies
Well-defined and clearly articulated mission statements and policies are available
Information control policies are aligned with the overall strategic plans
Management endorses and is committed to the information control policies, stressing the need for communication, understanding and compliance
Management is leading by example
There is practical guidance with respect to implementation of policies and procedures
Diverse attention-catching methods are used to repeatedly communicate important messages
Information control policies are current and up-to-date
There is a consistently applied policy development framework that guides formulation, roll out, understanding and compliance

6. Additional Information

Maturity Level Characteristics


0	1	2	3	4	5