Well Steve... I agree, it DOES.
From my experience, a "Policy" should be very high level and not include substantial details. It should be a "Thou Shalt" document, with a minimal level of citations to guidance that explains why it's required and who mandates it. It should also state the benefits of compliance, and the risks of failing to... and it should identify who is required to comply with it.
The policy should introduce high level "Roles and Responsibilities", which will be expanded in supporting documents.
Beneath this, there should be supporting documents... at minimum, a "Program Description" and a "Procedure". And depending on the SCOPE of your program, these should include links to, or guidance for, any/all elements of the organization that have support roles and unique compliance requirements or processes.
The "Description" document should include a glossary of terms introduced in all of these documents, and these should be VERY CLEARLY defined, citing any external sources, where used.
An example of WHY this is important is the earlier discussion of concepts and requirements related to:
-Records
-Backups
-Archived Information
-Content
-Information Assets
and other terms and practices that will be described/defined.
Senior Management should approve/sign off on these as ORGANIZATIONAL requirements that ALL ASPECTS of the organization must follow. If there is a need for other aspects of the organization to write specific procedures, any/all of those should point to these overarching Policy documents as the authority for what must be done, then provide specific steps on how they achieve compliance and any unique requirements they must meet (privacy, finance, medical, HR, IT, security, etc)
Documents of this type should be numbered and include a revision log, stating what changed and when. They should carry an 'issued' date and a scheduled review/revision date... and even if no changes are required, they should indicate they were reviewed and reissued unchanged, with new dates.
Larry
[log in to unmask]
Sent from MY iPhoneSeĆs
> On Nov 4, 2016, at 12:14 PM, Petersen, Steve <[log in to unmask]> wrote:
>
> I'm working to finalize a new RIM documentation package for my employer and a discussion of how to best help find the employee find the documentation they need most effectively has broken out. In reading through the listserv archive and other research I've found that there are two major schools of thought on formatting: Specific policy and the rest of documentation in a tiered format dependent on the level of the information in it, One policy with many sections and/or appendices.
>
> I understand the reasoning for both approaches and am wondering if in the last few years whether one approach has gained an advantage or if other approaches have surfaced. I know Larry will probably give the "It Depends" answer :) and will the best answer will possibly be influenced by previous documentation formats, industries and/or enterprise sizes. Looking for some peer benchmarking, especially in the financial services market.
>
> Enjoy the week end
>
> Steve Petersen CRM
> Enterprise Records Management
> 319-355-5837
>
>
> List archives at http://lists.ufl.edu/archives/recmgmt-l.html
> Contact [log in to unmask] for assistance
> To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
> mailto:[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
