Welcome » IT Booklets » Operations » Risk Mitigation and Control Implementation » Policies, Standards, and Procedures » Procedures
Procedures describe the processes used to meet the requirements of the institution's IT policies and standards. Management should develop written procedures for an institution's critical operations. Procedures establish accountability and responsibility, provide specific controls for risk management policy guidance, define expectations for work processes and products, and serve as training tools. Because of the value procedures provide to these areas, management should update and review written procedures regularly. Updating written procedures is particularly important when processes, hardware, software, or configurations change.
The scope of required procedures depends on the size and complexity of the institution's IT operations and the variety of functions performed by IT operations. Examples of activities or functional areas where written procedures are appropriate include: