For a while now I've been intending to post a couple of example documents, such as policies and typical processes, for downloading on my website. Sitting here in my hotel room tonight, with nothing better to do, I figured I would get to work on an example/template for an ISMS Policy.
Sounds easy. I have no problem banging them out when I'm busy at work helping organizations to prepare theirs. But I've been sitting here for hours now and have little to show for it.
I'm phrasing it this way, then phrasing it another way, then changing my mind and looking at it from a completely different angle altogether. Which statement should I put in and which should I leave out? Who am I speaking too? What's the purpose of the policy? Who is actually doing the speaking? What is my focus? What is the actual message?? I have no idea!
The problem, I believe, is that I just don't have any context. In an implementation we go through a whole bunch of things before we get to the point where we, or I, will sit down and write the first draft of a management system policy. At that stage, it just kinda flows. And when its reviewed by the top brass, it makes sense and is relevant to them.
It just bought home to me (again) the importance of process, and why these ISO management system standards make you do what they make you do.. i.e. to 'understand the context of the organization' - and also why I am so adamant about not using generic templates as a general rule of thumb.
I'm sure I'll put something up at some point, but be warned if you end up downloading it, you will probably end up having to re-write the entire bloody thing as you find it doesn't fit your own business context!
Sounds easy. I have no problem banging them out when I'm busy at work helping organizations to prepare theirs. But I've been sitting here for hours now and have little to show for it.
I'm phrasing it this way, then phrasing it another way, then changing my mind and looking at it from a completely different angle altogether. Which statement should I put in and which should I leave out? Who am I speaking too? What's the purpose of the policy? Who is actually doing the speaking? What is my focus? What is the actual message?? I have no idea!
The problem, I believe, is that I just don't have any context. In an implementation we go through a whole bunch of things before we get to the point where we, or I, will sit down and write the first draft of a management system policy. At that stage, it just kinda flows. And when its reviewed by the top brass, it makes sense and is relevant to them.
It just bought home to me (again) the importance of process, and why these ISO management system standards make you do what they make you do.. i.e. to 'understand the context of the organization' - and also why I am so adamant about not using generic templates as a general rule of thumb.
I'm sure I'll put something up at some point, but be warned if you end up downloading it, you will probably end up having to re-write the entire bloody thing as you find it doesn't fit your own business context!
No comments:
Post a Comment