I agree that Policy should be a very focused document, addressing limited
subjects and also agree that the framework you posted makes sense.

The policy should only reflect names of organizational units at the highest
level and position titles of any critical decision makers/participants in
establishing Policy, but not any names.

I'm not in agreement with the concept that details should be in Appendices
to the Policy, I'm of the thinking that any "procedural" or "practice"
instructions should be completely independent, but reference should be made
to them (or where to find them) within the policy. Making them a part of the
Policy (even as an appendix) would require direct notification of any/all
subject to compliance the Policy every time they change.  If your
organization is as dynamic as many may be, these are likely to change regularly.

It's also critical the Policy reflect a date and/or revision number to
ensure there's no question which is the current policy, and depending on
your retention schedule, past versions of policies and backup as to WHY
changes were made to them should be retained for "a long time".... (you
probably thought I was gonna use the P- word, huh?)  This allows you to
document WHY things may have been done differently in the past and to answer
questions about what may at some time be called into question as
"inconsistent practices".

[log in to unmask]

List archives at
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]