Good policies should be realizable given existing technology and resources. Technical controls are not always possible. The reason for having subject-matter experts available as one of the IMA governance roles is to provide the needed expertise to ensure that the policy being developed is workable. As you get buy-in from various groups, many of the problems that would keep the policy from being implementable will show up during the review process.

Enforceability requires that the policy have clear guidelines on what to do and that enforcement procedures are clearly spelled out. For example, if enforcing a particular policy requires periodic physical audits of the workplace, then the procedure for conducting the audit and the timetable should be given by inclusion or reference in the policy. Penalties for non-compliance should also be included in the policy where applicable. Creating workable enforcement provisions will usually require having legal and human resource subject-matter experts review and comment on the policy.

The people who have to live by the policies should be able to understand them. Writing good policies requires walking a fine line between formal and informal language. Users often perceive formal language as "stuffy" or "officious." At the same time, informal language ...