On Fri, May 21, 2010 at 9:38 AM, Edward Ned Harvey <lop...@nedharvey.com> wrote:
> For the moment, I am not asking you what you think is good policy.
>
> For the moment, I am only asking for feedback on my intended style, to
> introduce policy in an organization that formerly had none.
>
> I’m looking for perspective outside my own brain and eyeballs.  Please
> imagine you are a user, in a company with no policy.  You probably keep your
> password secret, at least most of the time, because you probably think that
> makes sense.  But not everyone does.  You probably only pirate tiny little
> softwares, like winzip, which you’re easily able to use without getting
> caught.  But somebody might be pirating big stuff like autocad.  And so on.
> There’s probably no porn, but who knows...  You get the idea.  In other
> words, everybody is free to simply make all their own choices.
>
> As soon as any new rules are introduced, I would anticipate, users will
> object and feel restricted.  Nobody likes giving up freedom they already
> had.  So my goal is to introduce new policy in such a way that users feel
> willingly compliant.  Hopefully even the extremists will be willingly
> compliant, but if not, they’re going to have to take it anyway.
>
> So my strategy is this:  I created a mailing list, similar to the one you’re
> reading now.  I invited everyone to join it, with the following invitation:
>
> (Actually, I’ll post the invitation in a separate email.  I think it’s more
> effective that way.)


I don't want to be harsh, but I can't think of a worse way to go about
this.  You're setting up a forum to allow users to discuss the policy
before it's created, you're *inviting* them to participate (not
requiring), and in the very first line of your email you're worried about
whether people will like you or not.

First, you do not write policies by committee.  You have a good
thought that you don't want to bludgeon the users with a new policy,
but that's just something YOU need to keep in mind as the expert who's
writing it.  That's what you're getting paid for -- not to waffle
around with a bunch of people who have no interest in IT.  YOU should
be working with THE BUSINESS (i.e., the owners and/or high-level
managers) to see what their needs are, and then make sure the policy
protects the business and meets those needs.

Next, these people probably don't care.  They have their real work to
do, and really don't have the time or inclination to put in their two
cents on some policy document (via an email forum that they have to
sign up to, etc...).  The most you're going to get from them is
something like "I want to be able to set my wallpaper to a picture of
my kids" anyway.  No one is going to argue that they should be allowed
to install viruses or have pron.

Your second email is far too long (I didn't even read it, and you can
expect the same from your users), and seems to ramble on about your
own internal perception of how the business sees IT (or maybe you're
putting out some vibes that cause them to see it this way).  Also,
your own personal views about "big corporate policies" have no place
in a discussion like this, nor most of the other personal experiences
you have related in there.


OK, so what should you be doing?
-. Shut down the email list.  You are throwing technology at a
non-technical problem, and forcing the work you should be doing onto
your users (and they're not going to do it anyway).  Discussing things
via email lists may be natural to you, but you're in IT and they
aren't.

-. Take each point in that second email and write up a policy to
protect against the issue.  Simple as that.

-. Sell the policy to users by appealing to their sense of loyalty and
productivity to the business.  If you explain to them the reasons for
each policy and the benefit to the business, they will be more willing
to accept it.  You should give a presentation and this would be a good
place to relate your anecdotes from the second email.

-. Roll out technical measures piecemeal, so they don't get hit with
them all at once.


I understand the impulse to get everyone together and be the nice guy
about this, but you can't.  It just doesn't work.  I'm not saying you
need to be a jerk and foist a bunch of draconian policies on users,
you just need to drop the "communal" approach.  Get some feedback
AFTER you have something written.  YOU are the expert, and this is
what YOU are getting paid for.

_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
