"Leadership is the art of getting someone else to do something you want done because he wants to do it." --Dwight D. Eisenhower
As anyone who's spent time in enterprise IT can tell you, gaining upper-management support is just the beginning. Unless you win the hearts and minds of your end users, you might as well use your policies to wrap fish.
If a policy is important enough to develop, why not disseminate it in person? Get out of the data center and explain policies to employees. Sure, this is resource-intensive, but it communicates urgency and allows for dynamic question-and-answer sessions.
Making employees part of the process and putting your money where your mouth is also increase buy-in. Listen to end users' thoughts about policies, adopt sensible ideas and give credit where due. Many companies have reward programs (sometimes through Human Resources) that provide a monetary bonus for the implementation of an idea that helps process or efficiency.
But it's not just about rewarding employees; it's about tying policies back to their self-interest.
"A concept that really works is, 'What's in it for me?,'" says Joe Filer, RackSpace director of corporate security. "It's important to translate your management objective into an employee benefit." For a password policy, for example, remind users that weak passwords open them up to the possibility of impersonation on their work accounts. Keep employee feedback in mind when you're going final on a policy, and be willing to adjust so you gain that crucial mindshare. This avoids a false sense of security and is worth the effort--a bad policy nobody follows may be worse than no policy at all.
Jonathan Feldman Is an nwc contributing editor and director of information services for the city of Asheville, N.C. Previously, He was director of professional services for an infrastructure consulting company. Write to him at [email protected].