Policies, Procedures, and Work Instructions—Oh My!

To the average IT worker, policies, procedures, and work instructions can be as daunting as the possibilities of facing lions, tigers and bears were to Dorothy, the Tin Man, and the Scarecrow during their journey along the yellow brick road.

In early 2013, Premier, Inc., a healthcare performance improvement alliance headquartered in Charlotte, NC, performed an internal audit of the IT change management process that identified a few areas in need of improvement. The recommendations from the audit included maturing Premier’s change management process documentation to the level of a formal policy with supporting procedures. This shift was no small undertaking, as the change policy needed to cover a number of change types and would be implemented across infrastructure and development teams.

I will detail the process that Premier undertook to create the new version of its change policy and associated procedures. Along the way I’ll provide some tips that you can use to enhance and perhaps speed the creation of your own policies and procedures. Before we get started on this journey let’s make sure our terminology is clear.

• Policy. This is a document that discusses what is to be done and why it needs to be done. It is common for a policy to cover a process and have multiple policy statements to make sure all necessary requirements are addressed. For example, our change policy states that all changes shall be tested before being implemented in the production environment.
• Procedure. This is a document that supports the policy and explains how things are to be done. For example, if this is a testing procedure, it would explain the types of tests that should be conducted and perhaps how they should be documented. 
• Work Instruction. This document supports the procedure and details how things are to be done. For the testing example, a work instruction could detail how a group is meeting the requirements of the policy and/or procedure.

Creating New Policies and Procedures

I picked up a few best practices in my work with Premier’s policies and procedures. Here are my tips for the document creation process.

Tip #1. Understand your goals to keep the focus and avoid scope creep in your documents. The process of creating/updating documents should always begin with understanding WHY we are creating/updating a document. Why did we need an updated change policy? For our case, we needed to solidify the process based on the audit findings. Understanding our own goals helped to keep us focused on the creation of a policy and procedure set that worked for us.

Understand your goals to keep the focus and avoid scope creep in your documents.

Tip #2. The update/creation process is typically aided by having a place to start. Use all the resources that you have to find existing policies from other organizations that you can adopt and adapt to your own needs. This includes resources such as HDI, itSMF USA, Gartner, Forrester, or even a search of the internet to find sample documents that you can use as a starting point. From here, you adopt, adapt, and merge ideas from these sources to create a policy or procedure that works for your organization.

Tip #3. Whenever possible, link your documents to other, existing governing documents in your corporation that they support or are derived from to establish a complete governance framework. However, don’t over reference as this can lead to confusion for the readers.

Tip #4. Consolidate the definitions within the master policy document. I used this approach when creating the change policy and associated procedures for Premier. We wanted one place to maintain these definitions for consistency and ease of maintenance. This approach must be balanced so that the readers don’t have to flip back and forth between documents.

Tip #5. Use a common template for your policies and procedures, especially if your company is already using templates for these document types. The use of a common template allows for the readers/users of your templates to digest them easier when they need to refer to them.

Tip #6. Make sure the documents are right sized, where they are sufficiently long enough to cover the needs, but are also short enough to understand. You are not congress; you should not have policies and procedures that cover hundreds of pages. In many cases, even ten pages will be too long. If you try to address each and every scenario within the policies you will have a hard time gaining acceptance and enforcing them due to complexity.

Final considerations around the creation/update process include socializing the changed/new document as you create/update to gain feedback and buy-in of the documents and partnering with human recourses (HR) to make sure any enforcement mechanisms in the policy are in alignment with HR policies and procedures for disciplinary action should they be violated.

After the documents are written and drafted, the review process follows. Be sure to factor in time for this process as it can be very iterative. I highly recommend giving folks at least five to ten days to review a policy, so make sure this time is built into your schedule. Should you have multiple review levels, be sure to factor them in and plan for at least two passes through your review cycle. For the change policies at Premier, our review process for the first release was not as rigorous as just outlined, and it worked. But we did find some minor issues after release that needed to be corrected. For our next review cycle, we have planned for peer, management, and senior management review levels. The approval will be done by the CIO.

The last step in creating the document is deciding on a publication date as well as an attestation (reading and acknowledging) schedule. Whenever and wherever possible, I would make the document available for reading and attestation before the publication date. This way, questions and clarifications can be addressed before the document is published to minimize the firefighting once the documents are in effect. We’ll come back to the attestation process later.

Marketing the Documents

Marketing the policies and procedures associated with the process is an extremely important step that is often overlooked. This step will help to ensure successful adoption of the policies and procedures by a wider audience and help to ease the associated organizational change management. The organizational change management aspects of policies can be a high hurdle in companies that don’t have a historical basis for having well-defined procedures. When I moved from my previous employer to my current employer, I moved from a company that was ISO-9000 certified to one that was not. These companies have widely different approaches to policies, which is a reflection of the different cultures of the organizations. These differences require a different level of organizational change management.

The marketing approach that I have learned to use is to answer the “What’s in it for me?” questions first. This has both individual and organizational components to it; be sure to address both of these levels. For example, one of the reasons to have policies for any process is to set expectations on how work gets done. This can not only set expectations for the employees but the companies you partner with and those you do business with. These types of questions also have the “Why?” baked in to them, and thus it also helps to answer this question as well. Simon Sinek, in his popular TED talk, helps us understand why this is important. Knowing why is a key to innovating and obtaining a higher level buy-in by driving behavior from an emotional viewpoint and connecting to those who share your beliefs.

A second method of marketing documents is to get input from the stakeholders—those who will have to follow the process. This is a great opportunity to make sure that you have fewer detractors by turning many of them into supporters. Another method is to have a senior management champion illustrating support for the documents. At Premier, we accomplished this goal by having communication about the documents sent out by this senior leader to those impacted. This communication stressed the importance of the documents and why they were being implemented. Finally, as mentioned above, it is good to market as you develop the documents to aid in their acceptance.

Use multiple methods of communication to help market the documents or explain extensive changes to existing documents. Methods to employ can include articles, signs, email blasts, town hall meetings, FAQ documents, lunch meetings, videos, and even prizes and games. Premier used multiple informational meetings to give affected personnel an opportunity to ask questions and to help them fully understand the rationale behind the changes. Using these myriad methods of communication, multiple reminders (to readers and to the managers of readers), and these informational sessions, Premier was able to achieve 91 percent attestation within four weeks and 95 percent attestation within nine weeks of notifying those affected.

Maintaining the Documents

Once the documents have been published and are put into use, the next phase of the lifecycle will be to maintain them. Maintenance can be due to minor things like spelling errors or to provide clarification, or they can include complete revisions made due to changing requirements or continual improvement activities.

The maintenance starts by monitoring the use of the policy and procedures and seeing where the users have questions or keep missing key parts of the process. One should resist the urge to continually change the documents for every little item that is brought up. This resistance is needed to make sure that there is some stability in the document process and allow the formation of evidence of the policy working. All updates to policies and procedures should be in alignment with your organization’s policy on creating/maintaining polices. Should your organization not have a policy on this, you should either create one or include maintenance activities as part of your policy. It is common for policies and procedures to be reviewed at least annually to make sure that the policy is up to date.

Please remember that the review cycle means that the document must be reviewed on a regular basis, not that it must be updated. This update process should follow the same process that we have just outlined and starts the plan-do-check-act process for the next round of updates.

Lessons Learned

Now that you have an understanding of the processes involved in creating, publicizing, and maintaining policies, procedures, and work instructions, I will conclude with some lessons I have learned.

• As Dr. Steven Covey has so wisely told us, begin with the end in mind by understanding management’s vision and level of commitment. In other words, what goals is the organization trying to achieve with the creation/update of the policies and procedures? Without this tactic, your efforts can easily go astray.
• Be sure to understand the organizational change management aspects of this process and the amount of time that this can take. I know from my own experience that there will be those who need extra attention to understand the why behind the change and to get comfortable with the change, and therefore, time is taken away from future projects.
• Make sure to build in time for the review process to have multiple passes, as updates and re-reviews can take some time. You will almost certainly get comments and suggestions from your reviewers and approvers. 
• Include those who will be most affected on the project and/or review teams to turn potential detractors into champions. This can help to reduce the cycle time of improvements by giving those most affected buy-in on the changes.
• Communicate, communicate, communicate, and communicate some more to keep everyone aware of the changes. Again, this is meant to help everyone get acclimated to the new way of working and keep them at ease and feeling safe.
• Build necessary incentives, especially non-monetary ones, into the improvement process. This can include providing opportunities for personal and professional growth, training, achievement, and celebrations. An incentive-based system can help to keep the project’s momentum moving in the right direction. 

For further study on process design and improvement, I recommend Donna Knapp’s, The ITSM Process Design Guide. For organizational change management, I recommend Pamela Erskine’s ITIL and Organizational Change.