Policies are an integral part of the management of an organization. Technical policies are easier to define, manage and monitor than human policies. The greatest threat, however, comes from the people within the organization.

The Challenge:

• To develop policies that comply with South African legislation, local and international best practice and corporate requirements, and to keep those policies current. - The environment in which an organization functions is continually changing and this has a direct impact on the policies that govern behaviour within an organization. If policies are not kept current, the organization faces the risk of not complying to internal or external regulations, changes in technology and changes the in their market space.
  
  

• To standardize the look and feel of policies across all departments and business functions (HR, Finance, IT, etc.). - Users respond more appropriately to instruction when it is given in a format to which they are accustomed. Policies will be more easily understood and accepted if the user is comfortable with the format in which they are supplied.
  
  
• To deploy policies to all parties affected by the particular policy and to deploy them frequently enough to ensure continued awareness. - In most organizations, users receive a policy pack on the first day of employment which they are expected to read completely and sign. This is done irrespective of whether the policy applies to that user or not. Further more, the user is seldom if ever exposed to the policy again. It is therefore imperative to deploy only the specific policies that affect the user on a regular basis.
  
  
• To ensure that the party affected by a given policy has received, read, understood and accepted the said policy. - If a user returns a signed policy document, there is no guarantee that the user even read the document, let alone understood the content of the policy. An organization needs to ensure and be able to prove that the users not only accept but also understand the policies that affect them.
  
  
• To provide a forum through which all affected parties can respond and comment on policies. - Very few organizations have the facility to allow users to comment on the policies that affect them. Users will far more willingly accept policy that they have the power to influence.
  
  
• To allow users to report violations to any policy without the risk of retribution. - Policy violations are incredibly difficult to manage without the input of the employees. Employees who are looking after the best interests of the organization need an environment in which they can safely report policy violations without facing the risk of being intimidated by the parties in breach of the policy.
  
  
• To prove that policies are effectively managed within and organization. - The parties responsible for policy within an organization have an immense challenge trying to ensure that the employees in the organization know, understand and accept the policies that affect them. Currently the most effective tool for measurement is internal surveys which tend to be flawed from the start. Comprehensive reports that address specific challenges and provide a management overview of the status of the organization are imperative in managing this environment.
  
  
  
  
  
  

The Solution:

DRS introduces a monthly managed service that addresses the challenges of managing the policies within an organization.

DRS has created, through a combination of technology, intellectual property and legal consultation a service that will assist with policy lifecycle management. This will include:

• Policy Creation. - Through a combination of existing policies within the organization, best practice policy templates and legal consultation, DRS will endeavour to ensure that the policies in the organization comply with all requirements.
  
  
• Policy Distribution. - Policies will be automatically deployed to the relevant parties. Record will be kept of the fact that the policy was sent electronically to the user and that the user received, accessed and read the policy.
  
  
• Policy Acceptance. - Record will be kept of the fact that the user accepted the policy.
  
  
• User Understanding. - The users understanding of the policy will be tested and record will be kept of the fact that that the user actually understood the content of the policy.
  
  
• Policy Compliance. - A forum will be created through which users can anonymously report policy violations. Techniques are provided that will encourage users to identify and report on policy violations.
  
  
• Policy Review. - All policies will be reviewed at least once a year to ensure continued compliance with legislation, changing technologies and the changing business environment.
  
  
• Reporting. - Management will have full visibility of the process through a combination of monthly reports and web access to a reports console.