Policies—which are your organization’s high-level statements of beliefs, goals, and objectives to comply with laws, manage risk, or drive competitive advantage—are not new and have likely been around since you began operating. Your human resources department has created policy on how employees will be evaluated, promoted or rewarded; your facilities department has created a policy on how to physically secure the office building so random people off the street cannot walk in and steal your trade secrets; and, your information technology department has a policy on how to configure your work PC.
It is an accepted norm that your human resources, facilities, and information technology departments have policies but it might be a new realization that your digital presence (i.e., web, social media, mobile applications, etc.) also requires policies. Digital policies protect the organization and its reputation, minimize the negative impact of using digital, and maximize the impact of digital by ensuring certain actions are always performed regardless of the publication channel or individual publishing the content.
If your organization does not have any digital policies, consider starting small by identifying an individual or department that can identify the range of digital policy necessary for the organization. Ideally, this individual or department should be given the authority from executives to determine which policies are required for the organization’s digital program. But if that cannot happen, look to the legal or regulatory department which is often well positioned to ensure that the organization is protected from regulatory or legal risk (or that the organization is accepting ownership in spite of risks because of the business reward that comes with the activity).
By meeting with the steward, or legal or regulatory representative, you can start to identify the types of digital risks—and thus policies—your organization might need in order to steer clear of embarrassing situations, fines, or lawsuits. And since it is the steward’s job (or that of the legal or regulatory department) to address those scenarios, your policy program will have a natural initiation point from which you can start to develop policies.