How to Apply Lean Principles to Policy Writing

How to Apply Lean Principles to Policy Writing

Information Governance  |  Intelligent Information Management (IIM)

As important as Intelligent Information Management (IIM) policy writing is, it's probably not the only dish you have cooking on the stove. It's important, therefore, not to let that process commandeer more time from your day than it has to. The best way to do that is to keep your IIM policies lean.

What Does It Mean for an IIM Policy to be Lean?

We want both the final document and the policy creation/revision process to be free of unnecessary elements. From drafting to consultation to revision to submission for approval and whatever other steps the document will need to go through in your office, the fewer superfluous statements involved, the faster it can happen.

How Do I Write Lean Policy?

The policy writing principle that can help you do that is very simple: Include only what you need. Everything else can be dispensed with.

Don't start with the generic question: What should organizations have in their IIM policies? There is no perfect IIM policy, and what you find in other organizations' policies is a product of their circumstances.

The better question to ask would be: What rules have we put in place in the organization that lack an authority behind them?

You no doubt have lots of rules in place already. Typically, offices assemble all these rules in one place — let's call it the "office manual" — intended to help people do their jobs.


Get Your Free Guide: Records Management Governance in 12 Easy Steps


But here's a thought: not every rule has to be a policy. The only rules that need to be embedded in corporate policy are those that are:

  1. required
  2. not backed by an existing authority, and
  3. considering the corporate culture at the organization, people would be unlikely to follow in the absence of explicit management backing.

In a Utopian world, an office manual alone would be sufficient. It would set out all the IIM rules you want people to follow, along with explanations, examples, and suggestions. Everyone in the organization would happily comply.

Notwithstanding that most offices don't function that way, it is the correct starting point. The office manual is the compendium of your IIM rules and practices. It contains information collected from legislation, regulation, facts, best practices, your experience, and policies.

The IIM policy will eventually be approved by some higher-up individual or committee. In order not to waste their time (or yours), the policy should be devoid of statements that do not require approval.

A Typical Case: Unnecessary Restatement of Law

Let's look at a real example.

Your office manual explains that all your information assets are subject to the Freedom of Information Act. (FOI Act). Your authority for that position is the FOI Act itself. Drafting a policy statement like:

All corporate information assets are subject to the Freedom of Information Act

...is a waste of time.

If that statement applies to you, it's true whether or not it appears in your IIM policy. It doesn't become truer because it's in both the law and the policy. The statement doesn't need consultation, it doesn't need approval, in fact, it doesn't need to go through any of the steps that a true policy decision needs to go through.

Putting a statement in your policy that merely repeats the truth created by another authority — be that legislation, regulation, or standards created by a professional oversight body — is an unnecessary duplication of effort.

Other examples of statements that don't belong in IIM policies include the following:

  • Employees may copy documents so long as they don't infringe copyright.
  • Employees must protect personal information from improper disclosure.
  • Employees must not keep any information or images prohibited by law on their computers.

In each case, where there is a law setting out the rule above, the same statement in a policy document is redundant.

Why Choose a Lean Approach to IIM Policy Writing?

This lean approach to policy writing will allow you to focus your efforts on the practical gaps in your rule suite. Your policy might end up being only four statements long, where those four statements back up those sections of your office manual that lack another authority.

This approach is very similar to writing an academic paper, just as you might have done back in college. As you write your paper and need to quote the source of a specific statement, you footnote it, pointing readers to the authority for the claim. You don't footnote every sentence in your paper. You only footnote those statements that you think would be challenged by the professor or other readers.

It's exactly the same for the office manual. Some —but not all —of the statements in the manual will need an authority. Of those statements, the authority may already exist in legislation, regulation, or standard. It may even exist in a current office policy written by another branch of the office, such as security or IT.

If the authority doesn't exist elsewhere, and you think you need one because the IIM statement you're making will be challenged, then and only then does it need to be included in an IIM policy.

 

Free Guide: Records Management Governance in 12 Easy Steps

About Lewis S. Eisen, JD CIP CVP

Lewis S. Eisen, B.A., J.D., CIP, offers an approach to drafting policy that has been adopted by groups at organizations across Canada, the United States, and the United Kingdom. He is the author of the international bestseller ’How to Write Rules that People Want to Follow: A Guide to Writing Respectful Policies and Directives.’ Contact him for information on running a one-day workshop for your chapter or region.