Always be prepared and ready for action.

This one simple, yet profound phrase embodies the ideals and directives of what business standards and policies are all about and why they are so crucial to the fiscal success and user friendly streamlined management and administration of business today.


Standards originate from without an organization. However; in areas not covered by “official” standards or regulatory requirements organizations are free to choose whether or not to voluntarily adopt the various standards and/or proposed standards (this is known as opt-in). In these cases the degree of compliance can also vary considerably from one organization to the next. Conversely external factors such as the need to comply with legislation or industry-wide recommendations may conspire to force an organization to adopt specific standards. Whenever legislation and/or other regulations are applicable failure to comply with their provisions will ultimately result in the imposition of punitive penalties. Depending upon the breach incarceration may result.


Policies on the other hand generally originate from within an organization. The primary objectives and basic functions detailed/proposed in a policy are generally intended to deliver positive benefits whilst avoiding negative effects, at least from the organization’s perspective. Think of a policy as being more of a statement of organizational intent with the goal of formulating a deliberate plan of action to guide decisions and achieve rational outcome(s). As such; the term “policy” may apply to, government, private sector organizations and groups, as wells as to individuals.

The term “policy” is also used to refer to the process of making important organizational, management, financial and administrative decisions. This incorporates the identification of different viable alternatives such as processes, programs, projects or spending priorities. These alternative options are considered to form a pool of possible solutions from which the final selection will come. One area where adherence to policy has considerable impact is in the making of a selection from this pool of possible solutions when multiple potential candidates in the range are more-or-less of equal merit. In these situations it is often the case that company policy will act as the “tie-breaker” by influencing or even dictating which option wins by clearly defining and delineating the criteria for selection in each instance.

Compliance with corporate policy is generally not negotiable and noncompliant individual(s) will generally experience some form of penalty. The type of penalty will vary from one organization to the next depending upon the breach in question. The ultimate penalty for noncompliance with organizational policies would be termination of employment.

So it is; that generically speaking, company policy aims to facilitate the rapid attainment of specifically defined explicit goals while preserving organization-wide consistency. Reasons why an organization might develop special purpose policies include:

  • Exploitation – To improve an organization’s capacity to exploit the positive benefits (from the organization’s perspective) of a given scenario or situation as identified as “worthy of pursuit” by that organization
  • Privacy – Privacy policies such as corporate privacy policies are widely used today and will generally include information pertaining to their collection, storage, updating, notification, security and eventual secure disposal of sensitive information such as customer details. Privacy legislation may require the organization to formulate an appropriate privacy compliant with its provisions and thus organizations are bound by law to develop a privacy policy 
  • Distribution – To regulate the distribution and sharing of resources within an organization and/or with its business partners. This will also include such facets as customer support resources and product development resources
  • Security – Security policies are developed by most organizations because they are obligated to by legislation and because they realize the importance of the role that security has to play in our modern world. Security policies will therefore address such issues as personal safety, information safety, and emergency situation procedures as well as general day-to-day operating procedures
  • Management – Management and initiatives policies are usually developed to facilitate an organizations ability to respond to extraordinary circumstance(s). Events such as disasters of both the man-made and natural kind as well as the changing business climate (changes in the prevailing economic climate) are all reasons that will see an organization develop management and special purpose policies. Rapid response to action is the primary motivating focus here.   

Policy Life Cycle Management

Adopting a life-cycle approach to business policy management has the advantage of ensuring that all business policy can proactively adapt rapidly in concert with the prevailing yet ever changing business, political, social and regulatory climates now and well into the future. One example of a widely accepted business policy management life-cycle is the Bridgeman/Davis Policy Life Cycle shown below.

  1. Issue Identification
  2. Policy Analysis
  3. Policy Instrument Development
  4. Consultation (generally applicable at all stages of a policy’s lifecycle)
  5. Coordination
  6. Decision
  7. Implementation
  8. Evaluation or Re-Evaluation

Policy Documentation

Regardless of whether or not the policy being developed is organization specific, standards-based, opt-in standards-based or a regulatory requirement there are a number of elements that should always be included when documenting policies. Some of these essential and never to be left out features/components are:

  • Policy Purpose Statement – Why the policy is being implemented and what it’s supposed to achieve
  • Policy Scope Statement – Who and/or what the policy affects as well as any exclusions
  • Policy Time Statement – When the policy takes effect, its intended period of tenure and the projected nominated timeframes for policy review, reassessment, extensions or final termination
  • Policy Roles and Responsibilities Statement – Details who is responsible for what and when
  • Policy Change Management Statement – Details the accepted and expected procedures and practices by which change or re-evaluation of policy goals and objectives may be initiated
  • Policy Effects Statement – The specific organizational or other regulations, requirements, modifications, specifications or behaviors that the policy is being implemented to address or create
  • Policy Background Statement – The origins, reasoning, motivation, and historical perspective for creating the policy along with any underlying, extenuating or extrapolated processes are clearly identified and stated in the policy background statement (a bit like a mission statement)
  • Policy Milestones Statement – Identification of important points/milestones in the policy’s lifecycle including the development, reviewing and implementation stages as well as any signoff points
  • Policy Life-Cycle Statement – Description of the policy lifecycle model being used
  • Policy Terms and Definitions – A glossary style component detailing all definitions and terminology contained within or inferred by the policy as employed or inferred by the policy
  • Policy Signoff Statement – Formal signoff statement containing parameters detailing various degrees of currency, progress and the satisfaction or completion of policy conditions as well as a formal signoff page. Usually includes at least one entry per milestone.