I was reading Doug Cornelius post about Compliance Lessons from the Tour de France, well, because I enjoy the Tour, and had to see what sort of compliance lesson was being learned. 😉
I’ll let you go read it yourself rather than try to rephrase Doug’s point, but the last paragraph of his post really jumped out at me.
A rule was broken by almost half the participants but there was no meaningful discipline. How would that work inside your company? If the rule is being broken by that many people, maybe it’s a bad rule?
Let that sink in for a little while. Doug, naturally, is talking about his area of expertise, but the implications are the same for IT security, social networking policies, etc. If half the people who work for you are breaking the rule, maybe it’s time to consider whether the rule has any purpose. Especially if they are actually having to break the rules to do their job more efficiently. If half the people in an organization are routing around an IT policy, the policy is a problem, not a solution.