User:Mac6565/Process and procedures
Process and Procedures Documentation Hierarchy
[edit]In regulated industries, such as banking or pharmaceuticals, many aspects of the back office functions, particularly IT, are being asked to establish process and procedures to control, document, standardize, and record activities. At a minimum, this frequently starts with change control and access control. From there, a number of layers of activities must be categorized and detailed to the point where anyone off the street, given proper authority, could perform such tasks.
It’s important to understand the process hierarchy to efficiently document company activities.
A policy states what the company will do: “All employees and business partners will require a password to access company assets.”
A standard specifies the degree to which the policy is held: “Pursuant to Company Policy 01, Passwords will be issued the first day of employment. Passwords will be 8-10 characters in length and be kept secret by the employee. Passwords are to be changed every 90 days.”
A procedure or standard operating procedure (SOP) outlines the process followed to carry out the standard: “Pursuant to Company Standard 001, Passwords are generated by the Identification Management team within 24 hours of notification that an individual has been hired. Initial password generation is done using the ABC method for random generation. Passwords are stored in XYZ repository which is locked down as described in Company Policy 999. Individuals are prompted to change their password by System Tool 000.”
A work instruction details the how of each item outlined in the governing procedure:
“Passwords are to be generated and maintained as directed in Company SOP 0001.
To generate a password:
1. Log into the ID Management system. 2. Identify the employee record for which a password is required. 3. Etc.
To store a password:
1. Log into the repository and create a record XYZ. 2. Etc.
To establish prompting of password renewal: 1. Log into the System Tool. 2. Select Options. 3. In the field labeled Renew Password, select 90 days. 4. Etc.”
Using this hierarchy, a well organized system of work instructions and procedures that are easy to reference and maintain will maximize the efficiency and auditability of your company.