How does your organization organize documents such as standards, policies, procedures, etc.?
The UCF team wants your input on how the following organizational documents should be organized in a hierarchy.
To help us understand how better to organize Common Controls that pertain to these documents within our Common Control Hierarchy.
This is the proposed hierarchy of organizational documents.
What contains what?
Organizations create high-level and operational documents to help them operate in a consistent manner to achieve business objectives and goals. Below is a suggestion of how an organization should develop and organization these high-level and operations documents.
- Strategy is on the same level as framework
- Frameworks contain guidelines/standards, policies, measure, and programs.
- Guidelines/Standards contain requirements and specifications.
- Policies are standalone, in that they contain nothing.
- Measures contain methodologies, techniques, systems, and processes.
- Programs contain plans and procedures.
How this Relates to the Common Control Hierarchy
The following table and image describe the parent/child relationships of Common Controls that mandate the establishing and maintaining of organizational documents within the UCF Common Control Hierarchy.
UCF Common Control Hierarchy Visual Representation
So we are all on the same page, here is a list of the documents mentioned and their definitions.
framework: The overall documented structure and template that the organization can use to create and maintain an organizational effort. (It defines the scope, objectives, activities, and structure)
guideline: A documented recommendation of how an organization implement something. (Inspiration for Programs, policies, etc.)
measure: A plan or course of action taken to achieve a particular purpose.
methodology: A particular way of performing an operation designed to produce precise deliverables at the end of each stage.
plan: A step-by-step outline of the processes and procedures to be performed to complete or implement something.
policy: An official expression of principles that direct an organization's operations.
procedure: A detailed description of the steps necessary to implement or perform something in conformance with applicable standards. A procedure is written to ensure something is implemented or performed in the same manner in order to obtain the same results.
process: A particular series of actions or steps to bring about a certain outcome; series of procedures.
program: 1. A structured grouping of interdependent projects that includes the full scope of business, process, people, technology, and organizational activities that are required (both necessary and sufficient) to achieve a clearly specified business outcome.
2. A documented listing of procedures, schedules, roles and responsibilities, and plans to be performed to implement an organizational effort.
requirement: A condition or capability that must be met
specification: A defined set of requirements.
standard: A formalized guideline, directive, or specification whose compliance is mandatory, and whose implementation is deemed achievable, measurable, and auditable for compliance
strategy: A plan of action designed to achieve a long-term or overall aim.
system: A collection of techniques, processes, and technologies implemented while following the documented programs.
technique: The use of a specific technology or procedure to achieve a business outcome in alignment with the organization's methodologies.
Please sign in to leave a comment.