Skip to Main Content

insightsarticles

Policing in America: Time for a change

07.27.20

Read this if you are a member or leader of a policing agency. 

Due to recent events, community members have taken to the streets nationwide to demand what they deserve from the police as a starting point: social and procedural justice. 

Social justice is an essential component of healthy, effective communities. It is based on a fair and just relationship between individuals and society. Social justice demands that those in the community feel safe—including feeling safe from the police. Feeling safe starts with procedurally-just policing. Procedural justice in policing is the principle that forms the foundation of the community’s willingness, individually and aggregately, to accept the actions of the police, obey laws, participate in the criminal justice system, and partner with law enforcement to reduce crime and disorder, and is dependent on the community’s acceptance of policing actions as fair and equitable. Procedural justice consists of four primary pillars:

  1. FAIRNESS
    Being fair in processes
  2. VOICE
    Providing the opportunity for voice 
  3. TRANSPARENCY
    Being transparent in actions
  4. IMPARTIALITY
    Being impartial in decision-making

Achieving social and procedural justice within policing requires meaningful change and reform that must extend beyond prior efforts. 

Across the United States, communities are calling for revised policies, targeted training, increased accountability, and better screening of police candidates. All of these efforts are important and should be explored. However, these same efforts have been pursued since community-oriented policing (COP) became popular in the 80s and 90s, and even as COP gained additional interest and momentum following a series of high-profile excessive-force incidents that trace back nearly a decade. Despite substantial focus on these areas within the law enforcement industry, concerns over systemic racism, biased policing, and a lack of trust between the police and the community continue to persist.

Community Co-production Policing: The crucial next step

The current policing environment calls for broad and deep reforms in the operations and collaborative culture of police agencies. This level of reform requires a coordinated effort to reframe the police department as a community-owned resource, and can be accomplished through engaging a Community Co-production Policing (CCPP) model. Implementation of the CCPP model, developed by BerryDunn in collaboration with practitioners and community members across the country, merges and unifies police agencies and communities through multiple collaborative pathways, resulting in shared responsibilities in areas such as guidance, oversight, and the development of policies, operational strategies, public safety priorities, and other shared goals.  

Co-production expands the focus of traditional community-oriented policing and includes a greater level of community participation and involvement in key policing strategies that affect the community. The key distinction is that while community-oriented policing is informative, interactive, allows for community input, and is often collaborative with regard to problem solving, co-production involves a greater level of influence and involvement by the community regarding the overarching policing strategies and priorities that ultimately affect those being served by the police agency.  

Building trust and confidence with the community

From a co-production policing perspective, influence and involvement from the community form the foundation for trust and confidence in the police agency and agreement in the processes, procedures, and practices used in pursuit of public safety for those who live in or visit the community. This level of involvement serves as a persistent external accountability process, which helps ensure consistent alignment between community desires and expectations and the actions the police use to meet them. 

Co-production is a collaborative process, not an oversight process. It involves working together to cooperatively co-produce public safety, in a respectful and thoughtful manner that places value on mutuality.

Below, the goals and predicted outcomes of the CCPP model are outlined. Accomplishing the CCPP goals is expected to produce the predicted outcomes, and these new positive outcomes address the longstanding negative outcomes that remain unresolved within the policing industry.

Community Co-Production Policing Goals and Predicted Outcomes
CCCP GOALS PREDICTED OUTCOMES
Reducing fractionalism: The inharmonious separation which has occurred between the community and those responsible for policing it. Increased community trust: Because the community shares decision-making authority in substantive policing matters, they will have shared ownership over the results.
Creating transparency: There can be no more secrecy in accountability or policymaking, or in determining strategies to address and reduce crime and disorder. Enhanced public safety: Trust is the cornerstone to solving crimes, and when trust is established, people will more readily assist in public safety matters affecting them.
Balancing power: Those who police the community must have the authority to do so, however, police department governance should be a shared responsibility. Improved racial/diversity equity: Diverse partnerships lead to greater understanding, which in turn, changes perspectives, beliefs, and behaviors.


The public outcry for police reform provides cities, towns, and counties with a rare opportunity to affect how their communities are policed in the future. This opportunity involves transforming policing towards a collaborative model where the police departments of the future are increasingly community-based and community-operated. BerryDunn’s CCPP model can help communities achieve this level of police reform and transformation. 

For more information on community policing

Mitch Weinzetl and BerryDunn’s public safety consulting team are leading this unique service. Our independence and objectivity enables a facilitation-based approach to engaging stakeholders across the community with the goal of collaborating on a future community policing model that addresses the need for public safety in a way that is informed and inspired by the community that the police departments serve. 

To learn more about how the CCPP model can help reconnect your police department and your community, contact Michele Weinzetl.
 

Related Services

Related Professionals

Principals

  • Doug Rowe
    Principal
    Justice and Public Safety
    T 207.541.2330

"Today, we are called as leaders to step forward and create racial equity and break down systems of oppression. This cannot be accomplished by repeating what solutions have been used in the past or the quick fix of defunding the police in communities. If we want true change and collaboration, it starts with empowering residents to get involved in shaping the vision for public safety services while also equipping those who police the community with the resources they need to effectively provide services.

In partnership with BerryDunn, we are advancing their recommendation to implement CCPP to help us take our community-oriented policing philosophy to the next level. We expect this process to provide sustained opportunities for members of the community to truly collaborate and positively influence the future of policing in Northglenn.”

- Heather Geyer, City Manager, Northglenn, Colorado

Testimonial
Community-oriented policing—positively influencing the future

Read this if you are a police executive, city/county administrator, or elected government official, responsible for a law enforcement agency. 

“We need more cops!”  

Do your patrol officers complain about being short-staffed or too busy, or that they are constantly running from call to call? Does your agency struggle with backed-up calls for service (CFS) or lengthy response times? Do patrol staff regularly find themselves responding to another patrol area to handle a CFS because the assigned officer is busy on another call? Are patrol officers denied leave time or training opportunities because of staffing issues? Does the agency routinely use overtime to cover predictable shift vacancies for vacations, holidays, or training? 

If one or more of these concerns sound familiar, you may need additional patrol resources, as staffing levels are often a key factor in personnel deployment challenges. Flaws in the patrol schedule design may also be responsible, as they commonly contribute to reduced efficiency and optimal performance, and design issues may be partially responsible for some of these challenges, regardless of authorized staffing levels.
 
With community expectations at an all-time high, and resource allocations remaining relatively flat, many agencies have growing concerns about managing increasing service volumes while controlling quality and building/maintaining public trust and confidence. Amid these concerns, agencies struggle with designing work schedules that efficiently and optimally deploy available patrol resources, as patrol staff become increasingly frustrated at what they consider a lack of staff.

The path to resolving inefficiencies in your patrol work schedule and optimizing the effective deployment of patrol personnel requires thoughtful consideration of several overarching goals:

  • Reducing or eliminating predictable overtime
  • Eliminating peaks and valleys in staffing due to scheduled leave
  • Ensuring appropriate staffing levels in all patrol zones or beats
  • Providing sufficient staff to manage multiple and priority CFS in patrol zones or beats
  • Satisfying both operational and staff needs, including helping to ensure a proper work/life balance and equitable workloads for patrol staff

Scheduling alternatives

One common design issue that presents an ongoing challenge for agencies is the continued use of traditional, balanced work schedules, which spread officer work hours equally over the year. Balanced schedules rely on over-scheduling and overtime to manage personnel allocation and leave needs and, by design, are very rigid. Balanced work schedules have been used for a very long time, not because they’re most efficient, but because they’re common, familiar, and easily understood―and because patrol staff are comfortable with them (and typically reluctant to change). However, short schedules offer a proven alternative to balanced patrol work schedules, and when presented with the benefits of an alternative work schedule design (e.g., increased access to back-up, ease of receiving time off or training, consistency in staffing, less mandatory overtime), many patrol staff are eager to change.

Short schedules

Short schedules involve a more contemporary design that includes a flexible approach that focuses on a more adaptive process of allocating personnel where and when they are needed. They are significantly more efficient than balanced schedules and, when functioning properly, they can dramatically improve personnel deployments, bring continuity to daily staffing, and reduce overtime, among other operational benefits. Given the current climate, most agencies are unlikely to receive substantial increases in personnel allocations. If that is true of your agency, it may be time to explore the benefits of alternative patrol work schedules.

A tool you can use

Finding scheduling strategies that work in this climate requires an intentional approach, customized to your agency’s characteristics (e.g., staffing levels, geographic factors, crime rates, zone/beat design, contract/labor rules). To help guide you through this process, BerryDunn has developed a free tool for evaluating patrol schedules. Click here to measure your patrol schedule against key design components and considerations.

If you are curious about alternative patrol work schedules, our dedicated justice and public Safety consultants are available to discuss your organization’s needs.

Article
Efficient police patrol work schedules―By design

Read this if your company is considering outsourced information technology services.

For management, it’s the perennial question: Keep things in-house or outsource?

For management, it’s the perennial question: Keep things in-house or outsource? Most companies or organizations have outsourcing opportunities, from revenue cycle to payment processing to IT security. When deciding whether to outsource, you weigh the trade-offs and benefits by considering variables such as cost, internal expertise, cross coverage, and organizational risk.

In IT services, outsourcing may win out as technology becomes more complex. Maintaining expertise and depth for all the IT components in an environment can be resource-intensive.

Outsourced solutions allow IT teams to shift some of their focus from maintaining infrastructure to getting more value out of existing systems, increasing data analytics, and better linking technology to business objectives. The same can be applied to revenue cycle outsourcing, shifting the focus from getting clean bills out and cash coming in, to looking at the financial health of the organization, analyzing service lines, patient experience, or advancing projects.  

Once you’ve decided, there’s another question you need to ask
Lost sometimes in the discussion of whether to use outsourced services is how. Even after you’ve done your due diligence and chosen a great vendor, you need to stay involved. It can be easy to think, “Vendor XYZ is monitoring our servers or our days in AR, so we should be all set. I can stop worrying at night about our system reliability or our cash flow.” Not true.

You may be outsourcing a component of your technology environment or collections, but you are not outsourcing the accountability for it—from an internal administrative standpoint or (in many cases) from a legal standpoint.

Beware of a false state of confidence
No matter how clear the expectations and rules of engagement with your vendor at the onset of a partnership, circumstances can change—regulatory updates, technology advancements, and old-fashioned vendor neglect. In hiring the vendor, you are accountable for oversight of the partnership. Be actively engaged in the ongoing execution of the services. Also, periodically revisit the contract, make sure the vendor is following all terms, and confirm (with an outside audit, when appropriate) that you are getting the services you need.

Take, for example, server monitoring, which applies to every organization or company, large or small, with data on a server. When a managed service vendor wants to contract with you to provide monitoring services, the vendor’s salesperson will likely assure you that you need not worry about the stability of your server infrastructure, that the monitoring will catch issues before they occur, and that any issues that do arise will be resolved before the end user is impacted. Ideally, this is true, but you need to confirm.

Here’s how to stay involved with your vendor
Ask lots of questions. There’s never a question too small. Here are samples of how precisely you should drill down:

  • What metrics will be monitored, specifically?
  • Why do the metrics being monitored matter to our own business objectives?
  • What thresholds must be met to notify us or produce an alert?
  • What does exceeding a threshold mean to our business?
  • Who on our team will be notified if an alert is warranted?
  • What corrective action will be taken?

Ask uncomfortable questions
Being willing to ask challenging questions of your vendors, even when you are not an expert, is critical. You may feel uncomfortable but asking vendors to explain something to you in terms you understand is very reasonable. They’re the experts; you’re not expected to already understand every detail or you wouldn’t have needed to hire them. It’s their job to explain it to you. Without asking these questions, you may end up with a fairly generic solution that does produce a service or monitor something, but not necessarily all the things you need.

Ask obvious questions
You don’t want anything to slip by simply because you or the vendor took it for granted. It is common to assume that more is being done by a vendor than actually is. By asking even obvious questions, you can avoid this trap. All too often we conduct an IT assessment and are told that a vendor is providing a service, only to discover that the tasks are not happening as expected.

You are accountable for your whole team—in-house and outsourced members
An outsourced solution is an extension of your team. Taking an active and engaged role in an outsourcing partnership remains consistent with your management responsibilities. At the end of the day, management is responsible for achieving business objectives and mission. Regularly check in to make sure that the vendor stays focused on that same mission.

Article
Oxymoron of the month: Outsourced accountability

Your government agency just signed the contract to purchase and implement a shiny new commercial off-the-shelf (COTS) software to replace your aging legacy software. The project plan and schedule are set; the vendor is ready to begin configuration and customization tasks; and your team is eager to start the implementation process.

You are, in a word, optimistic. But here comes the next phase of the project—the gap analysis, in which your project team and the vendor’s project team test the new software to see how well it fulfills your requirements. Spending sufficient time and energy on the gap analysis increases the likelihood the resulting software is configured to support the desired workflows and processes of the agency, while taking advantage of the software’s features and benefits. Yet this phase can be stressful because it will identify some gaps between what you want and what the software can provide.

While some of the gaps may be resolved by simple adjustments to software configuration, others may not—and can result in major issues impacting project scope, schedule, and/or cost. How do you resolve these major gaps?

Multiple Methods. Don’t let your optimism die on the vine. There are, in fact, multiple ways to address major gaps to keep you on schedule and on budget. They include:

Documenting a change request through a formal change control process. This will likely result in the vendor documenting the results of the new project scope. This, in turn, may impact the project’s schedule and cost. It promotes best practice by formally documenting approved changes to project scope, including any impact on schedule and cost. However, the change request process may take longer than you may originally anticipate, as it includes:

Documenting the proposed change
Scoping the change, including the impact on cost and schedule
Review of the proposed scope change with the project team and vendor
Final approval of the change before the vendor can begin work

Collaborating with the vendor on a solution that fits within the confines of the selected software. With no actual customization required, this may result in a functionality compromise, and may also involve compromise by the project team and the vendor. However, it does not require a formal process to document and approve a change in scope, schedule or cost, since there are no impacts on these triple constraints.

Collaborating with the vendor and internal project stakeholders to redefine business processes. This may or may not result in a change request. It also promotes best practice, as the business processes become more efficient, and are supported by the selected software product without customization. This will require a focus on organizational change management, since the resulting processes are not reflective of the “way things are done today.”

Accepting the gap—and doing nothing. If the gap has little or no impact on business process efficiency or effectiveness, this method is likely the least impactful on the project, as there are no changes to scope, schedule, or cost. However, the concept of “doing nothing” to address the gap may have the same organizational change ramifications as the previous point.

Of course, there are other methods for addressing major software gaps. The BerryDunn team brings experience in facilitating discussions with agencies and their vendors to discuss gaps, their root causes, and possible solutions. We leverage a combination of project management discipline, organizational change management qualifications, and deep expertise to help clients increase the success likelihood for COTS software implementations—while maintaining their vital relationships with vendors.

Article
Grappling with software gaps

People are naturally resistant to change. Employees facing organizational change that will impact day-to-day operations are no exception, and they can feel threatened or fearful of what that change will bring. Even more challenging are multiyear initiatives where the project’s completion is years away.

How can your agency or organization help employees prepare for change—and stay motivated for an outcome—many years in the making?


Start With the Individual

Organizational change requires individual change. For the change to be successful and lasting, an agency should apply organizational change management strategies that help lead people to your desired outcome.

With any new project or initiative, people need to understand why the project is happening before they support it. Communicate the reasons for the change—and the benefit to the employee (what’s in it for them)—so each individual is more inclined to actively support the project. Clearly communicating the why at the onset of the project can help employees feel vested in, and part of, the change. As Socrates said, “The secret of change is to focus all your energy, not on fighting the old, but building the new.” A clear vision can inspire each employee’s desire for the “new” to succeed.

Shift to Individual Goals

It’s a challenge to maintain your employees’ motivation for an organizational change occurring over the long haul. Below are some suggestions on how to sustain interest and enthusiasm for multi-year projects:

  1. Break the project down into smaller, specific milestones. Short-term goals highlight important deadlines and create tangible progress points to reach and celebrate. The master project schedule should be an integration of the organizational change management plan and the project management plan so any resource constraints you identify in the project management plan also become an input when identifying change management resources and activity levels. This integration also highlights the importance of key organizational change management milestones and activities in an effort to ensure they are on a parallel tack as traditional project tasks.
  2. Effectively communicate status updates and successes. In large, agency-wide projects, there are often a variety of stakeholders, each with different communication expectations and needs. The methods, content, and frequency of communication will vary accordingly. Develop a communications strategy as part of your organizational change management plan, to identify who will be responsible to send communications, when and how they will be sent, key messages of the communications, and what feedback mechanisms are in place to continue the conversation after initial delivery. For example, the project team needs a different level of detail than the legislature, or the public. Making the content relevant to each stakeholder group is important because it gives each group what they need to know so they don’t drown in a flood of unneeded information.
  3. Create buy-in by involving employees. A feeling of ownership naturally results from participation in a project, which helps increase enthusiasm. Often the time to do this is when discussing changes to business processes. Once you determine the mandatory features of the future state, (e.g., financial controls, legal requirements, legislative mandates) consider including stakeholder feedback on decisions more focused on preference. It is important for stakeholders to see their suggestions accepted and implemented, or if not implemented, that there was at least a structured process for thoughtfully considering their feedback, and a business case for why their suggestions didn’t make it into the project.
  4. Conduct lessons learned assessments after each major milestone. The purpose of conducting lessons learned activities is to capture what worked and what didn’t. Using surveys or other feedback systems, such as debrief meetings, allows stakeholders to voice their thoughts or concerns. By soliciting feedback after each milestone, leadership can quickly adapt to challenges, address any misunderstandings or concerns, and capitalize on successes.
  5. Reinforce how the project meets the goals of the agency or organization. Maintaining enthusiasm and support for a long-term goal takes a constant reminder of the overall organizational goals. It is important for senior leadership to communicate the impact of the project on the agency or organization and to stakeholders and keep the project at the forefront of people’s minds. Project goals may change during the duration of the project, but the project sponsor should continue to be active and visible in communicating the goals and leading the project.

Change is difficult—change that is years in the making is even more challenging. Applying a structured organizational change management process and using these tips can help keep employees energized and help ensure you reach the desired project goals.

Article
Change management: Keeping employees motivated during multiyear projects

Private-sector pundits love to drone on about drones! Also known as Unmanned Aircraft Systems (UASs), drones are dramatically altering processes and increasing opportunities in the for-profit world. There is no doubt that these changes and resulting benefits are helping to increase drone usage; in March 2017, technology news website Recode reported that since December 2015 almost 800,000 drones had been registered with the Federal Aviation Administration (FAA).

Yet private businesses don’t operate all 800,000. Various government organizations have seen the value of UASs—especially local government agencies—and are using them. Public safety departments are using UASs to reduce risk and increase situational awareness during hostage negotiations, SWAT operations, search and rescue, firefighting, accident investigations, hazardous material situations, and disaster surveillance. Many use drones to quickly (and inexpensively) document projects, survey land, and create maps. As officials in places such as Appleton, Wisconsin know, the possibilities of drone usage by local governments are endless.

Still, drone technology remains relatively new, and navigating the regulatory environment can be difficult. As a result, establishing a local government UAS program is time-consuming and full of obstacles. Local officials have many questions, including:

  • How can we establish drone programs that meet regulatory requirements?

  • How do we inform and educate constituents about drone programs?

  • What is the typical budget for a local government drone program?

  • How can we determine if we can operate as civil users under FAA Part 107, or as public aircraft operators?

  • What are general best practices for local government drone use?

Daunting, certainly, but help is here. We have assisted local governments for over two decades, and have developed a comprehensive drone program that we can tailor to meet individual agency needs. We can assist in establishing requirements, develop a concept of operations, write policy, conduct FAA filings, and, if desired, provide training for public aircraft operators.

A further benefit to local governments: BerryDunn is not affiliated with any drone manufacturer, and does not sell hardware or software. Our independence allows us to conduct a truly objective analysis and provide drone program recommendations that are in your best interest.

Article
Prize in the sky: Creating drone programs for local governments

Good Practices Are Not Enough

When it comes to IT security, more than one CEO running a small organization has told me they have really good people taking care of “all that.” These CEOs choose to believe their people perform good practices. That may be true, but who defines good practices and how they administer them? And when? If “security is everyone’s job,” then nobody is responsible for getting specific things done. Good practices require consistency, and consistency requires structure.

From an audit perspective, a control not written down does not exist. Why? Because it can’t be tested, measured, or validated. An IT Auditor can’t assess controls if they were never defined. Verbal instruction carries by far the most risk. “I told him to do that,” doesn’t pass the smell test in court.

Why Does it Matter?

Because it’s not IT’s job to write policies. Their job is to implement IT decisions made by management. They’re not at the right level to make decisions that impact the entire organization. Why should small organizations concern themselves with developing policies and procedures? Here are two very good reasons:

1. Regulatory Requirements
2. Lawsuits

No matter how small your organization, if you have a corporate network (even cloud-based) and you store credit card transactions, personal health information, client financial information or valuable intellectual property, being aware of state and federal regulatory requirements for protecting that information is vital. It is the responsibility of management to research and develop a management framework for addressing risk.

Lawsuits happen when information is stolen and/or employees are terminated for inappropriate activities. If you have no policies that mandate what is and isn’t acceptable, and what the penalties are for violations, your terminated employee has grounds for a wrongful termination lawsuit: policy should not be written by the IT Department.

If confidential data you are responsible for is stolen and clients sue you, standing up in court and saying “We don’t have any written policies or procedures,” is a sure way to have both significant financial losses and a negative impact on your reputation. For a small organization, that could mean going out of business.

Even if data is stolen from a third-party vendor who stores your data, your organization owns the data and is responsible for ensuring the data is secure with the vendor and meets organizational requirements. Do you have a vendor management policy? If you work with vendors, you need one.

Consider, too, that every organization expects to grow its business. The longer management doesn’t pay attention to policies and procedures, the more difficult it becomes to develop and implement them.

Medium and Large Organizations Need to Pay Attention, too

A policy document provides a framework for defining activities and decision-making by everyone in the organization. A policy contains standards for the organization, and outlines penalties for non-performance. The organization’s management team or board of directors must drive their creation.
Policies also maintain accountability in the eyes of internal and external stakeholders. Even the smallest organization wants their customers and employees to have confidence the organization is protecting important information. By defining the necessary controls for running business operations that address risk and compliance requirements (and reviewing them annually), your management team demonstrates a commitment to good practices.

Procedures are the “How”

Procedures don’t belong in a policy. Departments need to be able to design their own procedures to meet policy requirements and definitions. HR will have procedures for employee privacy and financial information, finance must manage credit card, student, banking or client financial documentation, and IT will need to develop specific technical procedures to document their compliance with policy.

If all those procedures are in a policy, it makes for unwieldy policy documents that management must review and approve. Departments need to change and update their procedures quickly in order to remain effective. For example, a policy may mandate the minimum number of characters in a password, but IT needs to develop the procedures to implement that requirement on many platforms and devices.

What is a “Plan” Used For?

Consider that organizations commonly have a Business Continuity Plan as well as an Incident Response Plan. How is a “plan” different from a policy or procedure?

A plan (for example, an Information Security Plan, or Privacy Plan, etc.) is a collection of related procedures with a specific focus. I have seen these collections called “programs,” but most organizations use “plan” (plus, the Federal government uses that term). The term “program” implies a beginning and an end, as well as tending to be a little too generic (think “School Lunch Program”).

Three Ways Not to Develop Policies, Procedures and Plans

1.

Getting templates from the Internet. Doing a Google search delivers an overwhelming number of approaches, examples and material. Policy templates found online may not be applicable to your organization’s purpose, or require so much editing they defeat the template’s purpose. 

2.

Alternatively, going to organizational peers can endlessly replicate one poorly developed approach to documentation.

3.

Writing policies and procedures totally focused on meeting one regulatory requirement frequently necessitates a total re-write as soon as the next regulation comes along.

Consider the Unique Aspects of Your Organization

What electronic information does your organization consider valuable? During an assessment with a state university, we discovered that the farm research the agriculture school was performing was extremely valuable. While we started out with questions about student health and financial information, the university realized the research data was equally critical. The information might not have federal or state regulations attached to it, but if it is valuable to your organization, you need to protect it. By not taking a one-size fits all approach to our assessment, we were able to meet their specific needs.

Multiple Departments or Locations? Standardize.

Whether your organization is a university, non-profit organization, government agency, medical center or business, you frequently have sub-entities. Each sub-entity or location may have different terms for different functions. For example, at a recent engagement for another university, Information Security “Programs,” “Plans” and “Policies” meant different things on different campuses. This caused confusion on the part of all stakeholders. It also showed a lack of cohesion in the approach to security of the university as a whole. Standardizing language is one of the best ways to have everyone in the organization on the same page, even if the documents are unique to a location, agency or site. This makes planning, implementation, and system upgrade projects run more effectively.

Demonstrate Competence

No matter what terms your organization chooses, using consistent terms is a good way to demonstrate a thoughtful approach. Everyone needs to be talking the same language. Having documents that specify management decisions provides assurance to internal and external stakeholders. Good policies, procedures and plans can mean the difference between a manageable crisis and a business failure.

To receive IT security updates, please sign up here.

Article
Policies, procedures, and plans—defining the language of your organization