Standards and Policies
Develop and communicate standards and policies for information management (including data definitions, taxonomies, models, usage patterns, archiving policies and schedules, information policies, roles and rights), and key process indicators (such as service levels for all data and information-based services, and cost of ownership).
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Standards and Policies at each level of maturity.
- 1Initial
- Practice
- Develop policies and standards to meet specific purposes.
- Outcome
- Policies, standards and controls are often inconsistent and /or incomplete
- Metric
- # of policies and standards mapped to requirements of specific business units.
- 2Basic
- Practice
- Develop consistent policies and standards.
- Outcome
- Policies and standards are being developed and their application is improving data quality.
- Metric
- Growing # of policies and standards mapped to requirements of generic business units.
- 3Intermediate
- Practice
- Apply consistently existing policies and standards.
- Outcomes
- Policies and standards are applied in IT and some business units effectively and efficiently.
- Thus, reducing costs, mistakes, rework and customer issues.
- Metric
- # of policies and standards mapped to requirements of generic business units.
- 4Advanced
- Practices
- Design development processes so that policies and standards are incorporated.
- Conduct periodic reviews and improvement cycles.
- Outcomes
- New and updated solutions incorporate the applicable policies and standards and facilitate compliance with audit logs and automated controls.
- Improvements are generating better savings and showing value for the investment.
- Metric
- # of policies and standards mapped to requirements of extended business units that are based on a central and mature, but manual internal development process.
- 5Optimized
- Practices
- Determine policies and standards based on evolving strategic, risk and technical factors.
- Facilitate the automation of the application of policies and standards based on agreed risk tolerance factors and external recognised standards.
- Outcome
- Policies and standards are effective and efficient across the business ecosystem.
- Metric
- # of implemented internal policies and standards which are mapped to the requirements of all business units that are based on organization/external standards.