
Re: RE: How to organize a lot of policies?

Subject: Re: RE: How to organize a lot of policies?
Date: 11 Jan 2006 16:07:01 -0000
There are lots of ways of doing something like this.  First and foremost, I 
believe there should be a centralized process (a policy custodian if you will) 
to manage all policies (not just IT's policies).  The policies would be owned 
by the various departments in the Company, and it would be their responsibility 
to keep them up-to-date.  This could be a quarterly, semi-annual, or annual 
procedure to update all policies, processes, and procedures.  By using the 
custodian, you then have a centralized source to go communicate updates to.

As for policy organization, I like the idea of having a general policy that 
references all other policies.  I like to see companies go the extra mile and 
further divide their policies into groups so they pertain to an employee's 
position or responsibilities, rather than having an employee go through all 
Company policies.  I believe this makes it easier for the employee to actually 
read through and understand what the Company's expectations for them are.

As for having employees sign off, the amount of detail that goes into this 
effort is really dependent on the Company's culture (and usually the Law 
department).  I have seen many companies that just require an employee to 
sign off on a general policy when they are first employed; I have also seen 
companies that require employees to sign off annually.  I like the idea of 
having employees sign off at least annually.  It gives them an opportunity to 
review everything and see any changes that have been made.  I also like the 
idea of a paperless solution for this (i.e., a web application that all 
employees would visit that contains all policies that pertain to them and 
sign off by using some type of electronic signature).

Some of these suggestions might be geared towards a bigger company, but I 
believe a system like this could be implemented anywhere... in some way, shape, 
or form.
