SlideShare a Scribd company logo

IT-POLICY-AND-PROCEDURES-1.0.EDU.part01.pdf

Edward Munir
Edward Munir

The document provides an overview of information technology (IT) policies, processes, and procedures. It defines key terms like policy, process, and procedure. Policies dictate rules while procedures explain how to apply the rules. It explains that well-documented policies, processes, and procedures are important for internal control, compliance, managing risks, and continuous improvement. They help standardize and manage IT operations. The document also discusses common characteristics of good policies and procedures, such as using clear language and involving stakeholders. It outlines typical components of policies like consequences for non-compliance and of procedures like steps, roles, and references.

1 of 15
Download to read offline
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) INFORMATION TECHNOLOGY POLICY, PROCESS AND PROCEDURE TRAINING MATERIAL EDWARD MUNIR, CISA CDCP ITILF (edward.munir@gmail.com)
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) IT POLICY AND PROCEDURE OVERVIEW
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHAT ARE IT POLICY, PROCESS AND PROCEDURE Policies and procedures are critical governance tools in every enterprise. Where policies dictate the rules, procedures explain how these same rules are practically applied in real life. Taken as a collective, policies and procedures set expectations for behaviors and activities, as well as provide mechanisms to enforce these expectations. [INFOTECH] IT policies help organizations to properly articulate the organization’s desired behavior, mitigate risk and contribute to achieving the organization’s goals. [ISACA] POLICY: The set of basic principles and associated guidelines, formulated and enforced by the governing body of an organization, to direct and limit its actions in pursuit of long-term goals. PROCESS: Sequence of interdependent and linked procedures which, at every stage, consume one or more resources (employee time, energy, machines, money) to convert inputs (data, material, parts, etc.) into outputs. These outputs then serve as inputs for the next stage until a known goal or end result is reached. PROCEDURE: A fixed, step-by-step sequence of activities or course of action (with definite start and end points) that must be followed in the same order to correctly perform a task. Repetitive procedures are called routines. Businessdictionary.com
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHAT ARE IT POLICY, PROCESS AND PROCEDURE RECORDS All should be implemented and documented (auditable, traceable)
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHY WE NEED IT POLICY AND PROCEDURE
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHY WE NEED THEM Each service needs to have policies and procedures to help them guide the actions of all individuals involved in the service. INTERNAL CONTROL • Compliance • Operational Needs • Managing Risks • Continuous Improvement Standardized process → Managed process
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHY WE NEED THEM Related to Quality Management System (QMS) Functions-and-Processes-in-IT-Management-article-ITSM-Global-Best-Practice-Vol-1-2008
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHY WE NEED THEM Functions-and-Processes-in-IT-Management-article-ITSM-Global-Best-Practice-Vol-1-2008 Value to organization!
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) CHARACTERISTICS AND COMPONENTS
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON CHARACTERISTICS GOOD POLICIES  Policies are written in clear, concise, simple language.  Policy statements address what is the rule rather than how to implement the rule.  Designated “policy experts” (identified by title in each document) are readily available to interpret policies and resolve problems.  Policies represent a consistent, logical framework for operations.  Outcomes are clearly stated.  Assumptions are clear and explicit.  There is linkage to organisational direction.  Due process in the development stage has been observed.  Stakeholders have been included in the development.  Public interest has been given a high priority.  Organisational expectations have been met.  The policy is likely to be both efficient and effective.  Outcomes are stated in measurable terms.  There is a capacity to evaluate outcomes.  It has been appropriately funded and resource.  There is clear accountability.  It follows all appropriate laws.  It is enforceable.  It is historically informed.  Ideas have been tested prior to implementation. Article Source: http://EzineArticles.com/5562525
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON CHARACTERISTICS GOOD PROCEDURES  Procedures are tied to policies. Making explicit this relationship along with how the procedure helps the organization achieve its goals.  Procedures are developed with the customer/user in mind. Well developed and thought out procedures provide benefits to the procedure user.  There needs to be a sense of ownership among procedure users. For this reason, it helps to involve users in the development of campus procedures.  The procedures are understandable. Procedures should be written so that what needs to be done can be easily followed by all users. • Prosedur menunjang tercapainya hasil proses tujuan organisasi. • Memiliki standar hasil yang diharapkan secara terukur. • Terdapat PIC yang jelas pada tiap activities, dan sesuai RACI/RASCI yang ditetapkan. • Prosedur mampu menciptakan adanya pengawasan yang baik dan menggunakan biaya yang seoptimal mungkin. • Prosedur menunjukan urutan- urutan yang logis dan sederhana. Ada “start” s/d “finish” • Prosedur menunjukan adanya penetapan keputusan/hasil dan tanggung jawab.
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON COMPONENTS POLICY:  Appointment of individuals who have the authority to approve policies and their associated responsibilities  Determination of the consequences for failing to comply with given policies  Definition of a process for handling exceptions to policies  Definition of a method for measuring and monitoring compliance with policies  Definition of the scope of the policy and the group of stakeholders that has to follow the policy [ISACA] (RACI/RASCI matrix)
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON COMPONENTS Komponen Pendukung Prosedur:  Halaman judul. Ini meliputi 1) judul prosedur, 2) nomor identifikasi SOP, 3) tanggal diterbitkan atau revisi, 4) nama badan/divisi/cabang di mana SOP diterapkan, dan 5) tanda tangan mereka yang menyiapkan dan menyetujui SOP tersebut. Bagian ini dapat menggunakan format apa saja, selama informasi yang disampaikan jelas.  Daftar Isi. Ini hanya perlu jika SOP Anda cukup panjang, untuk memudahkan referensi. Yang akan Anda temukan di sini adalah kerangka standar sederhana.  Jaminan Kualitas/Kontrol Kualitas. Sebuah prosedur bukanlah prosedur yang baik jika tidak dapat diperiksa. Siapkan materi dan detail yang diperlukan sehingga pembaca dapat memastikan mereka memperoleh hasil yang diinginkan. Materi ini dapat meliputi dokumen-dokumen lain, misalnya seperti sampel evaluasi kinerja.  Referensi. Pastikan untuk menuliskan seluruh referensi yang digunakan atau yang penting. Jika Anda menggunakan referensi SOP lain, pastikan untuk melampirkan informasi yang diperlukan dalam lampiran.
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON COMPONENTS Komponen utama Prosedur:  Cakupan dan penerapan. Dengan kata lain, menggambarkan tujuan proses, batasan-batasannya, serta bagaimana proses ini digunakan. Meliputi standar, persyaratan regulasi, peran dan tanggung jawab, serta input dan output.  Metodologi dan prosedur. Inti permasalahannya -- buat daftar langkah-langkah dengan detail yang penting, termasuk perlengkapan yang diperlukan dan sesuai RACI/RASCI matrix. Cantumkan pula prosedur-prosedur yang berurutan serta faktor-faktor penentu keputusan. Kemukakan "pengandaian" dan kemungkinan adanya gangguan atau pertimbangan keselamatan.  Klarifikasi terminologi dan pengertian diagram. Jelaskan akronim, singkatan, dan seluruh frasa yang bukan merupakan istilah umum.  Peringatan kesehatan dan keselamatan. Untuk dituliskan dalam bagian terpisah dan bersama dengan langkah-langkah saat terjadi masalah. Jangan melewatkan bagian ini.  Perlengkapan dan persediaan yang digunakan. Daftar lengkap hal-hal yang dibutuhkan dan kapan serta di mana dapat menemukan perlengkapan, standar perlengkapan, dll.  Peringatan dan gangguan. Pada dasarnya, bagian troubleshooting. Cantumkan kemungkinan masalah yang dapat terjadi, apa yang harus diwaspadai, dan apa yang dapat mempengaruhi produk akhir yang ideal. Beri masing-masing topik ini bagiannya sendiri (umumnya dinyatakan dengan angka atau huruf) agar SOP Anda tidak mengandung kalimat-kalimat panjang yang membingungkan dan untuk memudahkan referensi. Ini bukanlah daftar lengkap, melainkan baru sebagian kecil langkah-langkah prosedural. Organisasi Anda dapat menyebutkan aspek-aspek lain yang membutuhkan perhatian.
E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) DISCUSSION SHARING EXPERIENCE Q & A THE END THANK YOU

Recommended

Value Summary 2.0 Overview
Value Summary 2.0 OverviewValue Summary 2.0 Overview
Value Summary 2.0 Overview
bpatterson888
 
Implementing IT Service Management: A Guide to Success
Implementing IT Service Management: A Guide to SuccessImplementing IT Service Management: A Guide to Success
Implementing IT Service Management: A Guide to Success
Dave Cornelius - Value Contributor-agility and innovation
 
Sdlc1
Sdlc1Sdlc1
Sdlc1
Jithin Kottikkal
 
Unit Iii
Unit IiiUnit Iii
Unit Iii
Ram Dutt Shukla
 
CMMI
CMMICMMI
CMMI
Fáber D. Giraldo
 
Management systems
Management systemsManagement systems
Management systems
melynch
 
Lean six sigma demystified webinar
Lean six sigma demystified webinarLean six sigma demystified webinar
Lean six sigma demystified webinar
ILX Group
 
System Development Life Cycle Essay
System Development Life Cycle EssaySystem Development Life Cycle Essay
System Development Life Cycle Essay
Pamela Wright
 

Recommended

Value Summary 2.0 Overview
Value Summary 2.0 OverviewValue Summary 2.0 Overview
Value Summary 2.0 Overview
bpatterson888
 
Implementing IT Service Management: A Guide to Success
Implementing IT Service Management: A Guide to SuccessImplementing IT Service Management: A Guide to Success
Implementing IT Service Management: A Guide to Success
Dave Cornelius - Value Contributor-agility and innovation
 
Sdlc1
Sdlc1Sdlc1
Sdlc1
Jithin Kottikkal
 
Unit Iii
Unit IiiUnit Iii
Unit Iii
Ram Dutt Shukla
 
CMMI
CMMICMMI
CMMI
Fáber D. Giraldo
 
Management systems
Management systemsManagement systems
Management systems
melynch
 
Lean six sigma demystified webinar
Lean six sigma demystified webinarLean six sigma demystified webinar
Lean six sigma demystified webinar
ILX Group
 
System Development Life Cycle Essay
System Development Life Cycle EssaySystem Development Life Cycle Essay
System Development Life Cycle Essay
Pamela Wright
 
ISO 9001 Quality Management Systems: Implementation and Integration
ISO 9001 Quality Management Systems: Implementation and IntegrationISO 9001 Quality Management Systems: Implementation and Integration
ISO 9001 Quality Management Systems: Implementation and Integration
Specialty Technical Publishers
 
Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...
Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...
Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...
Govind Ramu
 
Guide for Post-COVID Process & Service Redesign
Guide for Post-COVID Process & Service RedesignGuide for Post-COVID Process & Service Redesign
Guide for Post-COVID Process & Service Redesign
Matthew Boyer
 
Standards For Wright Aircraft Corp
Standards For Wright Aircraft CorpStandards For Wright Aircraft Corp
Standards For Wright Aircraft Corp
Antoinette Williams
 
Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...
Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...
Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...
CSCJournals
 
Achieving and Ensuring Business Process Acceptance for Systems and Software E...
Achieving and Ensuring Business Process Acceptance for Systems and Software E...Achieving and Ensuring Business Process Acceptance for Systems and Software E...
Achieving and Ensuring Business Process Acceptance for Systems and Software E...
Dr. Mustafa Değerli
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
KhalilIdhman
 
Transactional Blackbelts are different
Transactional Blackbelts are differentTransactional Blackbelts are different
Transactional Blackbelts are different
reachab7
 
My Vision
My VisionMy Vision
My Vision
melynch
 
SDM Presentation V1.0
SDM Presentation V1.0SDM Presentation V1.0
SDM Presentation V1.0
KirSinc
 
Software process & product quality
Software process & product qualitySoftware process & product quality
Software process & product quality
IAEME Publication
 
Gr 6 sdlc models
Gr 6 sdlc modelsGr 6 sdlc models
Gr 6 sdlc models
university of education,Lahore
 
What are policies procedures guidelines standards
What are policies procedures guidelines standardsWhat are policies procedures guidelines standards
What are policies procedures guidelines standards
Manish Chaurasia
 
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar
 
Quality management interview questions
Quality management interview questionsQuality management interview questions
Quality management interview questions
selinasimpson2301
 
standards1.pdf
standards1.pdfstandards1.pdf
standards1.pdf
Karthick Panneerselvam
 
RTI System devolopment.ppt
RTI System devolopment.pptRTI System devolopment.ppt
RTI System devolopment.ppt
dyahsusilowati7
 
BIS2311Topic1
BIS2311Topic1BIS2311Topic1
BIS2311Topic1
Middlesex University EIS
 
Making Smart Choices: Strategies for CMMI Adoption
Making Smart Choices: Strategies for CMMI AdoptionMaking Smart Choices: Strategies for CMMI Adoption
Making Smart Choices: Strategies for CMMI Adoption
rhefner
 
It service management towards a contingency theory of performance measurement...
It service management towards a contingency theory of performance measurement...It service management towards a contingency theory of performance measurement...
It service management towards a contingency theory of performance measurement...
University of Southern Queensland
 
Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...
Ram V Chary
 
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptxGanpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
GanpatiKumarChoudhar
 

More Related Content

Similar to IT-POLICY-AND-PROCEDURES-1.0.EDU.part01.pdf

ISO 9001 Quality Management Systems: Implementation and Integration
ISO 9001 Quality Management Systems: Implementation and IntegrationISO 9001 Quality Management Systems: Implementation and Integration
ISO 9001 Quality Management Systems: Implementation and Integration
Specialty Technical Publishers
 
Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...
Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...
Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...
Govind Ramu
 
Guide for Post-COVID Process & Service Redesign
Guide for Post-COVID Process & Service RedesignGuide for Post-COVID Process & Service Redesign
Guide for Post-COVID Process & Service Redesign
Matthew Boyer
 
Standards For Wright Aircraft Corp
Standards For Wright Aircraft CorpStandards For Wright Aircraft Corp
Standards For Wright Aircraft Corp
Antoinette Williams
 
Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...
Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...
Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...
CSCJournals
 
Achieving and Ensuring Business Process Acceptance for Systems and Software E...
Achieving and Ensuring Business Process Acceptance for Systems and Software E...Achieving and Ensuring Business Process Acceptance for Systems and Software E...
Achieving and Ensuring Business Process Acceptance for Systems and Software E...
Dr. Mustafa Değerli
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
KhalilIdhman
 
Transactional Blackbelts are different
Transactional Blackbelts are differentTransactional Blackbelts are different
Transactional Blackbelts are different
reachab7
 
My Vision
My VisionMy Vision
My Vision
melynch
 
SDM Presentation V1.0
SDM Presentation V1.0SDM Presentation V1.0
SDM Presentation V1.0
KirSinc
 
Software process & product quality
Software process & product qualitySoftware process & product quality
Software process & product quality
IAEME Publication
 
Gr 6 sdlc models
Gr 6 sdlc modelsGr 6 sdlc models
Gr 6 sdlc models
university of education,Lahore
 
What are policies procedures guidelines standards
What are policies procedures guidelines standardsWhat are policies procedures guidelines standards
What are policies procedures guidelines standards
Manish Chaurasia
 
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar
 
Quality management interview questions
Quality management interview questionsQuality management interview questions
Quality management interview questions
selinasimpson2301
 
standards1.pdf
standards1.pdfstandards1.pdf
standards1.pdf
Karthick Panneerselvam
 
RTI System devolopment.ppt
RTI System devolopment.pptRTI System devolopment.ppt
RTI System devolopment.ppt
dyahsusilowati7
 
BIS2311Topic1
BIS2311Topic1BIS2311Topic1
BIS2311Topic1
Middlesex University EIS
 
Making Smart Choices: Strategies for CMMI Adoption
Making Smart Choices: Strategies for CMMI AdoptionMaking Smart Choices: Strategies for CMMI Adoption
Making Smart Choices: Strategies for CMMI Adoption
rhefner
 
It service management towards a contingency theory of performance measurement...
It service management towards a contingency theory of performance measurement...It service management towards a contingency theory of performance measurement...
It service management towards a contingency theory of performance measurement...
University of Southern Queensland
 

Similar to IT-POLICY-AND-PROCEDURES-1.0.EDU.part01.pdf (20)

ISO 9001 Quality Management Systems: Implementation and Integration
ISO 9001 Quality Management Systems: Implementation and IntegrationISO 9001 Quality Management Systems: Implementation and Integration
ISO 9001 Quality Management Systems: Implementation and Integration
 
Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...
Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...
Integrated Management Systems ASQ Silicon Valley section 0613 april 2017_gr c...
 
Guide for Post-COVID Process & Service Redesign
Guide for Post-COVID Process & Service RedesignGuide for Post-COVID Process & Service Redesign
Guide for Post-COVID Process & Service Redesign
 
Standards For Wright Aircraft Corp
Standards For Wright Aircraft CorpStandards For Wright Aircraft Corp
Standards For Wright Aircraft Corp
 
Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...
Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...
Theory of Constraints To Improve Labor Productivity. Study Case In Santo Domi...
 
Achieving and Ensuring Business Process Acceptance for Systems and Software E...
Achieving and Ensuring Business Process Acceptance for Systems and Software E...Achieving and Ensuring Business Process Acceptance for Systems and Software E...
Achieving and Ensuring Business Process Acceptance for Systems and Software E...
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 
Transactional Blackbelts are different
Transactional Blackbelts are differentTransactional Blackbelts are different
Transactional Blackbelts are different
 
My Vision
My VisionMy Vision
My Vision
 
SDM Presentation V1.0
SDM Presentation V1.0SDM Presentation V1.0
SDM Presentation V1.0
 
Software process & product quality
Software process & product qualitySoftware process & product quality
Software process & product quality
 
Gr 6 sdlc models
Gr 6 sdlc modelsGr 6 sdlc models
Gr 6 sdlc models
 
What are policies procedures guidelines standards
What are policies procedures guidelines standardsWhat are policies procedures guidelines standards
What are policies procedures guidelines standards
 
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
Ed Sattar at TSCE: Understanding Regulatory Change Management in Environmenta...
 
Quality management interview questions
Quality management interview questionsQuality management interview questions
Quality management interview questions
 
standards1.pdf
standards1.pdfstandards1.pdf
standards1.pdf
 
RTI System devolopment.ppt
RTI System devolopment.pptRTI System devolopment.ppt
RTI System devolopment.ppt
 
BIS2311Topic1
BIS2311Topic1BIS2311Topic1
BIS2311Topic1
 
Making Smart Choices: Strategies for CMMI Adoption
Making Smart Choices: Strategies for CMMI AdoptionMaking Smart Choices: Strategies for CMMI Adoption
Making Smart Choices: Strategies for CMMI Adoption
 
It service management towards a contingency theory of performance measurement...
It service management towards a contingency theory of performance measurement...It service management towards a contingency theory of performance measurement...
It service management towards a contingency theory of performance measurement...
 

Recently uploaded

Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...
Ram V Chary
 
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptxGanpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
GanpatiKumarChoudhar
 
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
tdt5v4b
 
Senior Project and Engineering Leader Jim Smith.pdf
Senior Project and Engineering Leader Jim Smith.pdfSenior Project and Engineering Leader Jim Smith.pdf
Senior Project and Engineering Leader Jim Smith.pdf
Jim Smith
 
Addiction to Winning Across Diverse Populations.pdf
Addiction to Winning Across Diverse Populations.pdfAddiction to Winning Across Diverse Populations.pdf
Addiction to Winning Across Diverse Populations.pdf
Bill641377
 
12 steps to transform your organization into the agile org you deserve
12 steps to transform your organization into the agile org you deserve12 steps to transform your organization into the agile org you deserve
12 steps to transform your organization into the agile org you deserve
Pierre E. NEIS
 
Comparing Stability and Sustainability in Agile Systems
Comparing Stability and Sustainability in Agile SystemsComparing Stability and Sustainability in Agile Systems
Comparing Stability and Sustainability in Agile Systems
Rob Healy
 
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
tdt5v4b
 
Employment Practices Regulation and Multinational Corporations
Employment Practices Regulation and Multinational CorporationsEmployment Practices Regulation and Multinational Corporations
Employment Practices Regulation and Multinational Corporations
RoopaTemkar
 
Sethurathnam Ravi: A Legacy in Finance and Leadership
Sethurathnam Ravi: A Legacy in Finance and LeadershipSethurathnam Ravi: A Legacy in Finance and Leadership
Sethurathnam Ravi: A Legacy in Finance and Leadership
Anjana Josie
 
Strategic Org Design with Org Topologies™
Strategic Org Design with Org Topologies™Strategic Org Design with Org Topologies™
Strategic Org Design with Org Topologies™
Alexey Krivitsky
 
Public Speaking Tips to Help You Be A Strong Leader.pdf
Public Speaking Tips to Help You Be A Strong Leader.pdfPublic Speaking Tips to Help You Be A Strong Leader.pdf
Public Speaking Tips to Help You Be A Strong Leader.pdf
Pinta Partners
 
The Management Guide: From Projects to Portfolio
The Management Guide: From Projects to PortfolioThe Management Guide: From Projects to Portfolio
The Management Guide: From Projects to Portfolio
Ahmed AbdelMoneim
 
Enriching engagement with ethical review processes
Enriching engagement with ethical review processesEnriching engagement with ethical review processes
Enriching engagement with ethical review processes
strikingabalance
 
CV Ensio Suopanki1.pdf ENGLISH Russian Finnish German
CV Ensio Suopanki1.pdf ENGLISH Russian Finnish GermanCV Ensio Suopanki1.pdf ENGLISH Russian Finnish German
CV Ensio Suopanki1.pdf ENGLISH Russian Finnish German
EUS+ Management & Consulting Excellence
 
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
tdt5v4b
 
Risk-Management-presentation for cooperatives
Risk-Management-presentation for cooperativesRisk-Management-presentation for cooperatives
Risk-Management-presentation for cooperatives
bernanbumatay1
 
在线办理(Murdoch毕业证书)莫道克大学毕业证电子版成绩单一模一样
在线办理(Murdoch毕业证书)莫道克大学毕业证电子版成绩单一模一样在线办理(Murdoch毕业证书)莫道克大学毕业证电子版成绩单一模一样
在线办理(Murdoch毕业证书)莫道克大学毕业证电子版成绩单一模一样
tdt5v4b
 
Leadership Ethics and Change, Purpose to Impact Plan
Leadership Ethics and Change, Purpose to Impact PlanLeadership Ethics and Change, Purpose to Impact Plan
Leadership Ethics and Change, Purpose to Impact Plan
Muhammad Adil Jamil
 
20240608 QFM019 Engineering Leadership Reading List May 2024
20240608 QFM019 Engineering Leadership Reading List May 202420240608 QFM019 Engineering Leadership Reading List May 2024
20240608 QFM019 Engineering Leadership Reading List May 2024
Matthew Sinclair
 

Recently uploaded (20)

Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...
 
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptxGanpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
 
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
 
Senior Project and Engineering Leader Jim Smith.pdf
Senior Project and Engineering Leader Jim Smith.pdfSenior Project and Engineering Leader Jim Smith.pdf
Senior Project and Engineering Leader Jim Smith.pdf
 
Addiction to Winning Across Diverse Populations.pdf
Addiction to Winning Across Diverse Populations.pdfAddiction to Winning Across Diverse Populations.pdf
Addiction to Winning Across Diverse Populations.pdf
 
12 steps to transform your organization into the agile org you deserve
12 steps to transform your organization into the agile org you deserve12 steps to transform your organization into the agile org you deserve
12 steps to transform your organization into the agile org you deserve
 
Comparing Stability and Sustainability in Agile Systems
Comparing Stability and Sustainability in Agile SystemsComparing Stability and Sustainability in Agile Systems
Comparing Stability and Sustainability in Agile Systems
 
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
 
Employment Practices Regulation and Multinational Corporations
Employment Practices Regulation and Multinational CorporationsEmployment Practices Regulation and Multinational Corporations
Employment Practices Regulation and Multinational Corporations
 
Sethurathnam Ravi: A Legacy in Finance and Leadership
Sethurathnam Ravi: A Legacy in Finance and LeadershipSethurathnam Ravi: A Legacy in Finance and Leadership
Sethurathnam Ravi: A Legacy in Finance and Leadership
 
Strategic Org Design with Org Topologies™
Strategic Org Design with Org Topologies™Strategic Org Design with Org Topologies™
Strategic Org Design with Org Topologies™
 
Public Speaking Tips to Help You Be A Strong Leader.pdf
Public Speaking Tips to Help You Be A Strong Leader.pdfPublic Speaking Tips to Help You Be A Strong Leader.pdf
Public Speaking Tips to Help You Be A Strong Leader.pdf
 
The Management Guide: From Projects to Portfolio
The Management Guide: From Projects to PortfolioThe Management Guide: From Projects to Portfolio
The Management Guide: From Projects to Portfolio
 
Enriching engagement with ethical review processes
Enriching engagement with ethical review processesEnriching engagement with ethical review processes
Enriching engagement with ethical review processes
 
CV Ensio Suopanki1.pdf ENGLISH Russian Finnish German
CV Ensio Suopanki1.pdf ENGLISH Russian Finnish GermanCV Ensio Suopanki1.pdf ENGLISH Russian Finnish German
CV Ensio Suopanki1.pdf ENGLISH Russian Finnish German
 
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
 
Risk-Management-presentation for cooperatives
Risk-Management-presentation for cooperativesRisk-Management-presentation for cooperatives
Risk-Management-presentation for cooperatives
 
在线办理(Murdoch毕业证书)莫道克大学毕业证电子版成绩单一模一样
在线办理(Murdoch毕业证书)莫道克大学毕业证电子版成绩单一模一样在线办理(Murdoch毕业证书)莫道克大学毕业证电子版成绩单一模一样
在线办理(Murdoch毕业证书)莫道克大学毕业证电子版成绩单一模一样
 
Leadership Ethics and Change, Purpose to Impact Plan
Leadership Ethics and Change, Purpose to Impact PlanLeadership Ethics and Change, Purpose to Impact Plan
Leadership Ethics and Change, Purpose to Impact Plan
 
20240608 QFM019 Engineering Leadership Reading List May 2024
20240608 QFM019 Engineering Leadership Reading List May 202420240608 QFM019 Engineering Leadership Reading List May 2024
20240608 QFM019 Engineering Leadership Reading List May 2024
 

IT-POLICY-AND-PROCEDURES-1.0.EDU.part01.pdf

  • 3. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHAT ARE IT POLICY, PROCESS AND PROCEDURE Policies and procedures are critical governance tools in every enterprise. Where policies dictate the rules, procedures explain how these same rules are practically applied in real life. Taken as a collective, policies and procedures set expectations for behaviors and activities, as well as provide mechanisms to enforce these expectations. [INFOTECH] IT policies help organizations to properly articulate the organization’s desired behavior, mitigate risk and contribute to achieving the organization’s goals. [ISACA] POLICY: The set of basic principles and associated guidelines, formulated and enforced by the governing body of an organization, to direct and limit its actions in pursuit of long-term goals. PROCESS: Sequence of interdependent and linked procedures which, at every stage, consume one or more resources (employee time, energy, machines, money) to convert inputs (data, material, parts, etc.) into outputs. These outputs then serve as inputs for the next stage until a known goal or end result is reached. PROCEDURE: A fixed, step-by-step sequence of activities or course of action (with definite start and end points) that must be followed in the same order to correctly perform a task. Repetitive procedures are called routines. Businessdictionary.com
  • 4. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHAT ARE IT POLICY, PROCESS AND PROCEDURE RECORDS All should be implemented and documented (auditable, traceable)
  • 6. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHY WE NEED THEM Each service needs to have policies and procedures to help them guide the actions of all individuals involved in the service. INTERNAL CONTROL • Compliance • Operational Needs • Managing Risks • Continuous Improvement Standardized process → Managed process
  • 7. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHY WE NEED THEM Related to Quality Management System (QMS) Functions-and-Processes-in-IT-Management-article-ITSM-Global-Best-Practice-Vol-1-2008
  • 8. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) WHY WE NEED THEM Functions-and-Processes-in-IT-Management-article-ITSM-Global-Best-Practice-Vol-1-2008 Value to organization!
  • 10. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON CHARACTERISTICS GOOD POLICIES  Policies are written in clear, concise, simple language.  Policy statements address what is the rule rather than how to implement the rule.  Designated “policy experts” (identified by title in each document) are readily available to interpret policies and resolve problems.  Policies represent a consistent, logical framework for operations.  Outcomes are clearly stated.  Assumptions are clear and explicit.  There is linkage to organisational direction.  Due process in the development stage has been observed.  Stakeholders have been included in the development.  Public interest has been given a high priority.  Organisational expectations have been met.  The policy is likely to be both efficient and effective.  Outcomes are stated in measurable terms.  There is a capacity to evaluate outcomes.  It has been appropriately funded and resource.  There is clear accountability.  It follows all appropriate laws.  It is enforceable.  It is historically informed.  Ideas have been tested prior to implementation. Article Source: http://EzineArticles.com/5562525
  • 11. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON CHARACTERISTICS GOOD PROCEDURES  Procedures are tied to policies. Making explicit this relationship along with how the procedure helps the organization achieve its goals.  Procedures are developed with the customer/user in mind. Well developed and thought out procedures provide benefits to the procedure user.  There needs to be a sense of ownership among procedure users. For this reason, it helps to involve users in the development of campus procedures.  The procedures are understandable. Procedures should be written so that what needs to be done can be easily followed by all users. • Prosedur menunjang tercapainya hasil proses tujuan organisasi. • Memiliki standar hasil yang diharapkan secara terukur. • Terdapat PIC yang jelas pada tiap activities, dan sesuai RACI/RASCI yang ditetapkan. • Prosedur mampu menciptakan adanya pengawasan yang baik dan menggunakan biaya yang seoptimal mungkin. • Prosedur menunjukan urutan- urutan yang logis dan sederhana. Ada “start” s/d “finish” • Prosedur menunjukan adanya penetapan keputusan/hasil dan tanggung jawab.
  • 12. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON COMPONENTS POLICY:  Appointment of individuals who have the authority to approve policies and their associated responsibilities  Determination of the consequences for failing to comply with given policies  Definition of a process for handling exceptions to policies  Definition of a method for measuring and monitoring compliance with policies  Definition of the scope of the policy and the group of stakeholders that has to follow the policy [ISACA] (RACI/RASCI matrix)
  • 13. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON COMPONENTS Komponen Pendukung Prosedur:  Halaman judul. Ini meliputi 1) judul prosedur, 2) nomor identifikasi SOP, 3) tanggal diterbitkan atau revisi, 4) nama badan/divisi/cabang di mana SOP diterapkan, dan 5) tanda tangan mereka yang menyiapkan dan menyetujui SOP tersebut. Bagian ini dapat menggunakan format apa saja, selama informasi yang disampaikan jelas.  Daftar Isi. Ini hanya perlu jika SOP Anda cukup panjang, untuk memudahkan referensi. Yang akan Anda temukan di sini adalah kerangka standar sederhana.  Jaminan Kualitas/Kontrol Kualitas. Sebuah prosedur bukanlah prosedur yang baik jika tidak dapat diperiksa. Siapkan materi dan detail yang diperlukan sehingga pembaca dapat memastikan mereka memperoleh hasil yang diinginkan. Materi ini dapat meliputi dokumen-dokumen lain, misalnya seperti sampel evaluasi kinerja.  Referensi. Pastikan untuk menuliskan seluruh referensi yang digunakan atau yang penting. Jika Anda menggunakan referensi SOP lain, pastikan untuk melampirkan informasi yang diperlukan dalam lampiran.
  • 14. E D W A R D M U N I R , C I S A C D C P I T I L F (edward.munir@gmail.com) COMMON COMPONENTS Komponen utama Prosedur:  Cakupan dan penerapan. Dengan kata lain, menggambarkan tujuan proses, batasan-batasannya, serta bagaimana proses ini digunakan. Meliputi standar, persyaratan regulasi, peran dan tanggung jawab, serta input dan output.  Metodologi dan prosedur. Inti permasalahannya -- buat daftar langkah-langkah dengan detail yang penting, termasuk perlengkapan yang diperlukan dan sesuai RACI/RASCI matrix. Cantumkan pula prosedur-prosedur yang berurutan serta faktor-faktor penentu keputusan. Kemukakan "pengandaian" dan kemungkinan adanya gangguan atau pertimbangan keselamatan.  Klarifikasi terminologi dan pengertian diagram. Jelaskan akronim, singkatan, dan seluruh frasa yang bukan merupakan istilah umum.  Peringatan kesehatan dan keselamatan. Untuk dituliskan dalam bagian terpisah dan bersama dengan langkah-langkah saat terjadi masalah. Jangan melewatkan bagian ini.  Perlengkapan dan persediaan yang digunakan. Daftar lengkap hal-hal yang dibutuhkan dan kapan serta di mana dapat menemukan perlengkapan, standar perlengkapan, dll.  Peringatan dan gangguan. Pada dasarnya, bagian troubleshooting. Cantumkan kemungkinan masalah yang dapat terjadi, apa yang harus diwaspadai, dan apa yang dapat mempengaruhi produk akhir yang ideal. Beri masing-masing topik ini bagiannya sendiri (umumnya dinyatakan dengan angka atau huruf) agar SOP Anda tidak mengandung kalimat-kalimat panjang yang membingungkan dan untuk memudahkan referensi. Ini bukanlah daftar lengkap, melainkan baru sebagian kecil langkah-langkah prosedural. Organisasi Anda dapat menyebutkan aspek-aspek lain yang membutuhkan perhatian.