Policy vs Stadard vs Guideline vs Practice의 개략적인 차이를 잘 설명 해 놓은 글...

이런 체계가 잘 잡혀있는 회사와 그렇지 못한 회사의 차이는 안 봐도 뻔한 거다.

별거 아닌 것 같아도 만드는 자체가 다 돈이고 시행착오도 많이 거쳐야 한다는 사실.

Control 부서에서 일하다 보면,

User 부서에서 이런건 왜 허용이 안되냐고 물어오면 아래와 같은 것들에 능통해야 할말이 생김.

이걸 얼마전에 뼈저리게 느끼고... 또 공부 중. Governance란 멀리 있는 게 아니다.

회사의 부서 캐비닛에 잘 정립된 Policy, Standard, Guideline이 있다면 정말 괜찮은 회사에 댕

기고 있는거다. 오늘부터 다 외우자!

==========================================================
 IT Policies, Standards, Guidelines, Practices

General  Background

Policies, standards, guidelines, and practices exist in a sort of hierarchy. Policies tend to be short, concise, and more centered on principles than technical or process details. As you move from policies towards guidelines you may accrue more detail but you lose some of the weight of enforcement carried by policies.

Policy, standard, guideline, and practice documentation all require periodic review.  Information Technology is rapidly evolving, and we have to be careful to not unduly constrain ourselves through an outdated frame of reference. 

Each of these artifacts should also have an owner.  The owner is responsible for maintaining them as well as resolving questions regarding them.  The owner can be a role such as CIO, a committee such as the Board of Trustees, or nominally a unit or department such as NSIT.  While an individual can be responsible for guiding a draft statement to adoption, individuals should not be considered the owner once adopted.

Each of these may also have a scope.  For example, some standards may be university-wide and some may be departmental or workgroup standards.  In the event of a conflict between a local standard or policy and one from a higher level, the policy or standard with the broadest scope generally supersedes the local form.  So, a university-wide policy will always supersede a departmental policy unless the university explicitly makes allowances for departmental autonomy in the particular instance.

The scope, owner, and date of last review should all be made obvious to those who need to be informed of the artifact in question.

Policies

A policy is a high level statement of agreed upon principles. In most cases, policies should be concise and not technically detailed.  Policies should have some enduring value that is at least somewhat resistant to the rapid pace of technological change.

Policies must be followed unless the policy itself creates an exception process for extraordinary circumstances.  There are generally consequences for not following a policy, potentially legal or procedural.

Information Technology policies for which NSIT is responsible may be found through the NSIT Policies web page.

The mockup for the next generation NSIT Policies page can be found here.

Policy statements being proposed for consideration in some draft or strawman form may be found here.

Standards

A standard is a statement of the agreed upon correct process or technology for addressing a common requirement.  A standard may relate to a policy by being a statement of the agreed upon way in which a particular policy is instantiated.

There are likely to be consequences for choosing to not follow a standard.  These consequences may not be obvious to the individual, but may cause some difficulty, increased cost, or impaired function elsewhere within the University, department, or unit.  Therefore, a decision to not follow an approved standard may result in that decision being overruled.

Current standards may be found [here.]

Draft standards may be found here.

Guidelines

A guideline is a recommended process or technology whose implementation or adoption would cause some generally perceived benefit to accrue to the institution, individual, department, or unit.  An individual or unit may choose to not follow a particular guideline, but the usual benefit may be lost.  Therefore, there should be some greater benefit that could be articulated to explain why the alternative choice was made.

Current guidelines may be found [here.]

Draft guidelines may be found here.

Practices

Practices are the methods and procedures used to implement policies and standards.  Best practices are those practices which have been found to provide the greatest benefit in some measure such as reduced cost, improved efficiency, greater sustainability, etc.