The Evolution of an IT Policy and Pragmatism

In a recent argument with my eight year old son, I complained, “You put more work into avoid the work than it would take to actually DO it!” Shortly thereafter, it came time to review and sign the IT policies, an annual task for our employees.
The IT policies themselves have evolved to include social media acceptable practices, the near prohibition of streaming media unless you work in PR and apps, something that didn’t matter ten years ago. I realized that the very process of employees signing off IT policies has evolved.

The Olden Days

IT policies were printed out on paper. Employees were supposed to read them and review them. This typically occurred at a large meeting where handouts were given. Questions were answered. Everyone was expected to read them and sign them before handing it out.
Advantages of this process included the opportunity to ask questions of knowledgeable staff and some supervision to ensure that it wasn’t just signed off and turned in. The downside was the sheer volume of paper it required.

The Introduction of Content Management Systems

Content management systems or CMS allowed IT policies to be posted online. Employees could read the documents online. In the first generation of the CMS, the sign off process was simply clicking a check box that said “yes, I have read these policies”. Managers could generate reports about how many people had read the policies and identify those who had not.
The advantages included elimination of pounds of paper, the ease of distributing new policies and reportability. The disadvantage that was later discovered was the same thing I run into with pre-teen children – the desire to do as little as possible, and the effort that may be expended to avoid the perception of work. Employees sometimes visited the site, clicked the check box and were done. When later iterations required someone to open the file before the check box was visible, staff would occasionally open the file long enough for the check box to appear and then check it off.
The shortcomings of this system were clear when people were terminated for watching streaming video shows on their work computers and shocked that this was not allowed, despite the IT policies clearly stating it wasn’t. (The fact that they had enough time to watch an hour of TV on a work PC is a separate matter.)

Content Management Systems with Workflows

The downside of the initial CMS model was the human factor and tendency to efficiency. So the next generation of the content management system included a workflow. You had to open each document and close it before you could verify that it had been read. All IT policy documents had to be opened and at least load before it could be signed off as done. While you could theoretically sign it off as read after 30 seconds, the CMS tracked the time it was open. Managers could identify who signed off ten documents in less than five minutes compared to those who took an hour to read all the forms.


The irony of all of this was the realization that the IT policy sign-off and tracking system had evolved to try to counter adults acting much like my eight year old, seeking the most efficient way to race through a task to move on to what they’d rather do. The only difference is that in my child I’d call it laziness, while most adults would consider it practicality or pragmatism.