Before you can write a policy document, you should understand what a policy is. In simplistic terms, a policy is governing principle. For example, your Information Technology division may have a security policy mandating certain actions that must be implemented. People often confuse policies with procedures. A procedure is a series of steps that are followed to implement a policy.
A policy is made up of multiple directives referred to as policy statements. Using the previous example, an I.T. security policy will consist of multiple policy statements for the required actions. They are meant to be high level statements that do not change frequently.
You need to pay close attention when writing policy statements. Using the word “may” in place of the word “shall” can completely alter a statement. If you find yourself having to write policy statements for the first time, here are some basic tips to help you through the process.
- Policy statements are clear, concise and written in simple language
- Policy statements are numbered for easy reference
- Use the same terms to convey the same information throughout the document to avoid confusion
- Avoid including information that frequently changes. For example, use position titles as opposed to names
- Write policy statements in the present tense
- Use active verbs instead of passive verbs
- Use gender neutral language (e.g. use “their” in place of “he” or “she”)
- Avoid the use of acronyms. If acronyms are necessary, write the acronym in full at first use in the document. For example, the first time you reference I.T., you should write Information Technology (I.T.). You can then use the acronym throughout the document
- Avoid exceptions. Avoid using the word “except” in a policy statement to create an exception
- Write policy statements around broad issues
- Use the word “shall” for mandates and compulsory actions
- Use the word “may” for options and “should” for recommended actions
- Avoid using the words “will” and “all”