How do you track and manage IT policies?

We're getting into formalizing all of our policies and procedures and would like to keep everything in Samanage if possible. 

Right now, I'm thinking that I'd use solutions and a "Policy" category. As for Procedures, I feel like those would just be a standard Solution and/or Service Catalog Item.

I'd be really interested to see your methods and any recommended best practices.

Thanks!

  • It seems like you are or may be asking about several different things things here:

    Internal IT procedures: Solutions may work really well because they're very quick to create and edit.  Unless there are compliance reasons to have robust revision control and approval workflows for IT procedures, flexibility is what you'll want.  Otherwise nobody will create or update them.  We've started to implement our procedures as service catalog items.  That is, we have tasks for major steps in a process, and then use the task description to indicate specific instructions for the tasks.  What's the point of writing a procedure and also having a workflow that implements the procedure, right?  While the system doesn't really automate this, you can use change management to control changes to service catalog items if you have problems with bad edits to procedures.

    Internal IT policy: using Solutions again here might work fine as long as you don't have any compliance requirements. Policies though would typically be wanting for more robust review and training - they represent the "law" that your staff is required to follow, and should change infrequently.  If this resonates with you then something like Sharepoint could fit the bill.  You could cobble a Change workfow to accomplish something similar in SWSD as well.

    Company-wide IT policy:  this is where it gets tricky IMO because a policy that isn't read is a waste of effort, outside of being able to smack people with random disciplinary actions.  We are combining our policy deployment with our Training & Awareness program using Knowbe4.  Our actual policies are managed in a document control system, but when published they will be uploaded into Knowbe4 so that they can be pushed out to all employees, along with relevant training videos.  We'll be able to track this activity and see who has and has not "signed off" on a particular policy, giving us some measurable indicator of compliance.