Policy, Process, and Procedure: Why You Need All Three

Written by Nate Josephs

Sr. Systems Engineer/Data Center Manager
You may have heard the statement “Human error is the leading cause of most data center outages.”  An effective way to minimize human error is by implementing three documents: policies, processes, and procedures.  Implementing all three documents minimizes risk by establishing what outcomes are expected, delineating the steps involved to produce the expected outcomes, and explaining in detail how to accomplish those outcomes as they relate to the data center.

Most people understand policies are essentially rules.  However, the difference between processes and procedures can become murky resulting in the two terms being used interchangeably as though they are one and the same.  The following is the first article in a series of four regarding policies, processes, and procedures.  In this article, I will explain the differences between these three documents and the distinct role each must play to minimize human error and ensure uptime of your data center.

Policies are the overarching guidelines, rules, or statements of what outcomes, or activities are expected to occur.  Policies provide staff, vendors, and visitors a clear understanding of what is expected of them regarding the data center. Policies do not provide details explaining how to get something done, nor do they specifically state who is responsible for performing those activities.  Instead, they simply state expectations.  An example of a data center policy may be “A Data Center Facilities Service Request must be submitted in order for IT equipment to be installed within data center server cabinets or network racks”.

Processes are high-level steps required to perform a specific output and who is responsible for completing each step.  Processes ensure outputs conform to policies.  Process steps are mapped out in sequential order starting with inputs/action, followed by intermediate deliverables, and ending with the final output/deliverable.  Each input/action includes the individual, or team responsible for that action.  Processes are often created as workflows and include symbols representing the start, subtasks (actions), who performs them, decision trees, arrows, and outputs.  Here is an example showing a portion of an IT equipment installation process:

Procedures are detailed instructions explaining how to complete an activity.  Procedures are critical in ensuring activities are performed consistently, efficiently, while conforming with best practices to minimize human error.  Data Center activities may include installation, decommissioning, operations and maintenance, security, incidents, emergencies, etc.  Procedures are an invaluable resource for new employees and a great reference tool for experienced employees.  Using the IT equipment installation example above, a procedure for this task would include an in-depth explanation on how to “rack” the equipment, install cables, and create labels.  Pictures and diagrams may also be included to further illustrate how to install equipment.

To reiterate, policies, processes, and procedures each have their own distinct role in preventing human error and ensuring data center uptime.  Policies are the guidelines and rules.  Processes are the high-level steps required to complete a task and who is responsible for completing them.  Procedures are detailed instructions, pictures and diagrams showing how to complete a task.  In the next three articles, I will go into more detail on how to create effective policies, processes, and procedures.

Be sure to check back here soon for the next installment in our series of Policies vs Processes vs Procedures.