Category: Policy documentation

The difference between Policies, Standards, Procedures and Strategies

As a Technical Writer, I have written many policies, processes, strategies, standards and related documents. These documents outline how a business operates and provide help when a team member requires a reference.

I worked on a project where the PM insisted a document contained a process. When I said it was a strategy, he threw a hissy fit. He insisted and had no intention of listening. He is not the first who thought they knew better. In the meantime, steam billows from my ears while the consultant continues to sprout opinions on the various documents.

For the uninitiated, here is my explanation of the difference between Policies, Standards, Procedures, Standards and related documents.

Policy document?

A policy sets out an agreed management policy which might refer to IT Security and Risks. However, it will not give any direction on how to execute this vision or strategy.

A set of policies are principles, rules, and guidelines planned or adopted to reach its long-term goals. Management signed policies and published them in the Company’s preferred medium.

    • Writing Policies is to influence and determine major decisions.
    • Processes and procedures are the specific methods used to express policies in action in daily operations.

What is a Process?

It is a task, a procedure – it is NOT a Plan.

The ISO definition of a process is:

A process is a set of inter-related activities that turn inputs into outputs,

You MUST learn the process; know WHY you need it and perform the process end-2-end.

      • Process is a high-level description of a series of inter-related tasks covering an entire business.
      • It is an internal, ongoing process updated annually, as policy guidelines serve as a crucial guide for employees and managers.

Procedure 

A procedure contains more detail than a process but less detail than a work instruction. It tells users HOW to perform sequential tasks to achieve a specific outcome.

Participants will complete a procedure from start to finish in one continuous time frame (no significant delays between steps).

Work Instructions (WI)

A WI contains a detailed description of a task. Its sole purpose is to explain how to do a specific task step by step.

Plan

IT IS NOT a Process

      • Organisations have Management Plans which outline WHAT you are going to do; it does not explain HOW you will perform a task.
      • The Plan determines how to allocate resources and provides backup plans if resources are not available at a crucial time.
      • The Plan document outlines the components to show How a process will work.
      • A plan is how you will move from A to B and should support your strategy by providing a method to reach B containing an acceptable balance of risk and reward.

What is strategy?

A strategy document explains how an organisation will move from point A to Point B.

      • How will you get there?
      • Issues, problems
      • Solutions and tools to get you to point B

A strategy solves the move from A to B, considering any unforeseen issues and problems that may occur to slow your journey to B.

Your strategy is WHAT you want to do.

Understanding the difference between a strategy and a plan allows you to make sound strategic planning decisions that separate the two.

What is the standard?

Standards are mandatory actions or rules that give formal policies support and direction. Writing standards requires a company-wide consensus on what standards must be in place. It can be a time-consuming process vital to the success of your information security program.

      • They are written to show expected user behaviour—for example, a consistent company email signature.
      • Might specify what hardware and software solutions are available and supported.
      • Compulsory and must be enforced to be effective. (This also applies to policies!)

Content and Documents | How Can I help you?

In the aftermath of Coronavirus, many managers may know they have documentation projects in the pipeline and, on their mind, is hiring a technical author. As a contract Technical Author with 20 years plus experience, what can I offer you?

What type of documentation will your project need?

With the documentation, I would advise you NOT to delay even now and start any discovery phase to identify which titles you need to prepare.

How can I make your project run with more ease?

I have a vast collection of generic documentation covering PCI, ISO27001, GDPR, ITIL. Hence, with some tweaks and by understanding your requirements, my generic documentation can be tweaked to suit your company’s needs, which will save time and money.

Compliance projects

Compliance projects generate more documentation than managers expect. If you have not already performed a discovery or due diligence phase, you could have up to 60 titles to write ranked in order of importance.

  • Payment Cards Industry (PCI)
  • ISO27001
  • ITIL and ITSM Policy and process documentation

Confluence and SharePoint

Do you use either confluence or SharePoint, or both?

Have you lost control of the content/documentation?

Has the structure in Confluence been overridden by numerous spaces that are no longer valid, filled with legacy content and no ownership?

Poorly written content and documents can hamper productivity and lead to mistakes. You may need an expert eye to look over your content and documents and identify what is no longer needed and seek to slim down the information in either.

Transformation

Are you about to start a transformation project and have discovered the documentation has no value? Stress not. With help from SME’s and a series of interviews, the documentation will soon be underway. I wrote a booklet on such projects. Read it. To help start the technical documentation, I have the following templates:

  • Operating templates
  • Installation guides
  • Profile document
  • Technical procedures for management

Disaster Recovery and Business Continuity

I have a collection of templates that can help get a plan up and running after consulting with your staff.

Call Me 07534 222517

Email: twriter201@gmail.com

Technical Writing | Hire a Technical Writer sooner, rather than later

As a Technical Writer with over Twenty Years of experience, I need to address a problem which haunts documentation projects. I aim this at Project Managers who scope such projects as part of a more comprehensive project.

Have you ever planned a project (PCI, GDPR, ISO27001, ITIL, Policy and Process) where documentation is critical? If so, how did it go? Crucially, did the project deliver ALL the documentation? If not – do you know why the plan failed?

First: Did you speak to a Technical Writer for a realistic appraisal of the expected outcomes?

Second: was your budget a few pennies short?

A collective failure of technical / process documentation projects is the lack of knowledge and expertise during the planning and discovery phases. Many project managers do NOT grasp the reality of a documentation project.

If the PM does NOT know the difference between a written process, a documented plan, and the purpose of a policy and its processes, your project could be in trouble.

The planners do not understand the lifecycle of a document, from the initial draft through various reviews and sign-off. The process takes much longer than expected.

How long does it to write a document? My default answer is “I do not know”. Technical Policy and Process documentation, depending on the project (PCI, GDPR, Operations, ITIL), will have many requirements and factors which delay the following stages:

      • the information gathering,
      • the interviewing
      • opinions
      • the writing,
      • review stages,
      • amendments
      • opinions, and
      • sign-off.

The likely reality of writing a 30-page A4 process document containing:

      • VISIOs (3 or more) comprising between 10 to 30 steps
      • Process narratives (3 or more) of between 10 to 30 steps
      • Appendixes (2 or more)

It will take at least 8 – 12 weeks of effort before the review stage. My advice is not to plan such a project without professional help.

Compliance projects such as PCI and GDPR generate a lot of policy and process documentation. If you are starting from scratch, the list of required documents could exceed 60 or more. In timing terms, you are looking at 12/18 months of work. To be safe, let’s say 24 months. If you have partially written documents, DO NOT expect timings to diminish to a few months. If the papers are scattered throughout various drives, the technical author must first attempt to get the documentation into a consistent state. That could take months of work.

Finally, there must be a management agreement to help the PM and TA find the resources to succeed. Any failures will multiply costs.

Hire a Technical Writer

My advice is this: If you have a project that requires documentation, hire a Technical Writer, not a Business Analyst, for advice from the start of the project, NOT when the end date is in sight and when the budget is running out. The TW can highlight issues, risks, and bottlenecks and help you manage expectations within the allocated time assigned to the project.

The Technical writers will need:

    • to assimilate the project
    • Time for training on any tools
    • access to Subject Matter Experts (SMEs)

Add in contingencies for illnesses, holidays and unplanned absences, and resignations from the project. They happen.

If the budget and the timelines become fixed (in stone) with multiple documents to complete in a short period, then produce quality rather than quantity.

To ensure quality, rank the documents across the set:

    1. Required
    2. Nice to have
    3. Not important

Or use The MoSCoW method.

    • M – Must have this requirement to meet the business needs
    • S – Should have this requirement if possible, but project success does not rely on it
    • C – Could have this requirement if it affects nothing else on the project
    • W – I would like to have this requirement later, but delivery won’t be this time.

Additional Points

    • Travel: Will the TWs need to travel abroad or nationally?
    • References: Identify any useable archived documentation.
    • Reviews: decide who will review and who will sign off a document
    • Scope: Could there be any changes which will add to or change the size of the project

In summary,

Documentation projects fail due to:

    • poor planning
    • the lack of experience and
    • not allowing enough time to complete the documentation.

In contrast, documentation projects succeed due to:

    • excellent planning
    • understanding of documentation lifecycles
    • allowing enough time to complete the documentation.

Finally: If the project’s success depends on the documentation (Disaster Recovery Plan, PCI/DSS, BCP and ITIL)—why do PMs and SMEs allocate so much of the budget to non-documentation resources?

%d bloggers like this: