The importance of context when writing a policy

Home / Management Systems Implementation / The importance of context when writing a policy

For a while now, I’ve been intending to create and post a couple of example documents for downloading. Yanno, the usual stuff,  such as policies and common management system processes. Sitting here tonight, with nothing better to do, I figured I would get to work on an example/template for an ISMS Policy.

Sounds easy enough. I have no problem banging them out when I’m busy at work helping organizations to prepare theirs. But I’ve been sitting here for hours now and have little to show for it.

I’m phrasing it this way, then phrasing it another way, then changing my mind and looking at it from a completely different angle altogether. Which statement should I put in and which should I leave out? Who am I speaking too? What’s the purpose of the policy? Who is actually doing the speaking? What is my focus? What is the actual message?? I have no idea!

The problem, in my opinion, is that I just don’t have any context. In an implementation, we go through a whole bunch of steps before we get to the point where we, or I, will sit down and draft out a management system policy. Those steps include, for example, identifying the purpose and strategic goals of the business, internal and external issues, legal and regulatory requirements, customer needs and expectations, intended outcome of the management system and basically provides a detailed understanding of what it is that top management would like to achieve. At that stage, it just kinda flows. And when it’s reviewed by the top brass, it makes sense and is relevant to them. It’s something they can take ownership of.

It just brought home to me (not for the first time either) the importance of process, and why these ISO management system standards make you do what they make you do.. i.e. to firstly understand the ‘context’ of the organization so as to have that input when it comes to establishing a company policy – and also why I am so adamant about not using generic templates, as a general rule of thumb.

Never the less, I shall be posting some example policies soon enough, or templates if you will. But be forewarned if you do end up downloading any of them thinking that they are going tick the ‘policy’ box for your implementation, you will probably end up having to re-write the entire bloody thing when you find it doesn’t fit your own business context!

Leave a Reply

%d bloggers like this: