What makes a good digital policy?
Whether I am working with a large multinational or a small company, I am always asked what makes a good policy. The answer is straight forward, as a good policy always:
- Reflects the organization and the risks and opportunities you are looking to address around a specific digital aspect.
- Addresses all locations, digital channels, and people/groups that are subject to the policy (hint: Imagine yourself as a marketeer trying to create a microsite. If you read the policy, would you understand it?)
- Is prescriptive and clear, without the need for contextual support or interpretation (hint: Do not write a policy and then tell the intended audience to seek local legal advice. It is frustrating and a nuisance.)
- Reads clearly in plain language and not require an attorney to translate the meaning to an individual looking to produce a specific aspect of digital.
- Is short and to the point, but provides links and references to supporting standards, operating procedures, and guidelines as needed (hint: If your policy is longer than 2 pages in total, consider whether the policy is crisp and clear enough. See point #4).
- Has an owner who writes the policy and is assigned to track impacts to the policy and update it over time, based on internal and external drivers (e.g. laws, change to technology, change to business objectives, etc.).
To make a good policy highly effective, you need to deliver and embed it into the organization. This doesn’t mean required training before a user can access a CMS (although that may be appropriate in select circumstances), but rather creating a program around the policy that educates and informs, and acts as an enabler. More on how to drive policy adoption in your organization in subsequent posts, but I hope you will take a look at your policies and consider if they are simply there as an artifact or are they really good policies.