The wave of new age technologies that are invading the enterprise hasspurred the debate on who sets IT user policy and how organizations cancontrol it. Richard H. Thaler, a Professor of Behavioral Science and Economics, in his paper- "Test, Adapt, Learn: Developing Public Policy with Randomised Controlled Trials" cites two principles that help policymakers create good policies that work for normal people:

- If you want to encourage some activity, make it easy.

- You can't make evidence-based policy decisions without evidence.

"These are exactly the principles that CIOs should apply when making decisions and rolling out a workforce technology, be it a social business and collaboration strategy, hardware refresh, tablet deployment, teleworking strategy, desktop virtualization program, or anyother technology program that touches a lot of employees," writes Ted Schadler, Vice President, Principal Analyst at Forrester Research in hisblog.

Be it full-fledged enterprise mobility or accessing corporate e-mail over the phone, there needs to be a specific set of rules and guidelinesincorporated in the user policy that defines who gets to do what, when and where. The conversation titled ' Who Sets IT User Policy? A CIO Power Panel Discussion' at the Computerworld IT Roadmap event held across the three cities of Bangalore Mumbai and Delhi threw up multiple points of view on the ownership of the policies, the implementers and how to gain maximum compliance.

While creating an effective IT user policy falls under the domain of IT, Sudhir Reddy, CIO, MindTree believes that it is not the sole responsibility of IT. "While a large portion of the responsibility restson the shoulder of IT, policy building is a very collaborative and consultative effort," he says.

Sunil Mehta, Sr. VP & Area Systems Director- Central Asia, JWTconcurs, "User policies cannot be developed by IT in isolation and willhave to be a consultative process with the departments involved. IT cannot the big daddy of the organization and dictate terms for everything".

The development of user policy is a balancing act since there are internal stakeholders other than the CIO within the organization and there are customers and external partners. Ranga Raj, CIO, CelStream states, "Organizations need to look at what makes sense keeping in mind the strategies of all parties involved".

Once the user policies are built collaboratively it needs to be communicated to the employees in an easily understandable format. The onus of ensuring user compliancedoes rest with IT. "Even though the development of the policy is a consultative effort, IT still owns it. There will be instances where IT will have to put its foot down and decide the course of action," says Guruprasad Murty, VP-IT & IS, Microland.

Mehta feels that, as the custodian of corporate data, it becomes the responsibility of IT to create the user policies in a way that the users are motivated to follow the guidelines. "We crunch our policies into 5 action points and send those to users along with the detailed policy document that is attached for their reference," he adds.

Original post:
Setting IT User Policies That Work