The following is an excerpt from The Power of Digital Policy

The five-day agile digital policy development approach

Sometimes life simply doesn’t afford you the luxury of developing digital policies in the programmatic way I describe in this book.

Maybe your legal counsel received a letter threatening an accessibility lawsuit. Perhaps a marketing campaign is about to go live in India and the lead is asking for policies to be listed in the website footer. Or maybe you just discovered four new mobile applications that someone created, but they don’t match your branding colors, the naming convention or even how you talk about your organization.

Whatever it is, the details don’t matter. It’s the fact that you suddenly have an urgent situation on your hands, and you need to respond with policies in a short amount of time.

To that end, I’ve created a quick-and-dirty playbook for developing a set of digital policies in just five days. My consulting experience has taught me that it is a manageable investment for most organizations. It’s intentionally flexible, too—you could do 10 half days, for example. The important part is the process.

Before you begin

You’ve probably seen commercials for diet and exercise products that contain a warning like, “Check with your doctor to make sure you’re healthy enough before you try this.” Or you’ve probably seen advanced college courses that have prerequisites. That’s true here, too.

No matter how good the plan is, there are three essential things you must have in place before you begin:


Creating digital policies—which, in essence, comes down to telling people how to do their jobs—isn’t something you can just take on by yourself. You need official authority from above, and that authority must be clearly and repeatedly communicated.


Even if you have the needed authority, you can’t create digital policies by yourself. Without a mandate, it can be next to impossible to get the necessary stakeholders to make time for a digital policy initiative. Upper management needs to make it crystal clear that, for these five days, the creation of digital policies gets top priority. Ideally, no one would be able to skip out without permission from leadership.


Access to decision makers can spell the difference between success and failure when competing priorities and personalities clash.

The plan

Once you have everything in place, the process itself is fairly straight¬ forward.

Day 1: prioritization and scope

The program starts with the policy team—the designated policy steward, subject matter experts, digital workers, etc.—meeting to decide exactly what you’re going to do, what you’re going to do later, how it will be done and who will do it. It starts with prioritizing each issue from a risk versus opportunity perspective and ends with identifying both action steps and responsible parties.

Days 2-4: policy creation

On days 2 through 4, the individual stakeholders get to work creating the policies they’ve been assigned and participating in a daily check¬ in meeting (either in person or virtual) to discuss progress. During this stage, the policy director is responsible for leading the meeting and for shaping individual policies so that they’ll eventually form a unified whole.

The daily check-in meetings have three primary goals:

  • Identifying and overcoming obstacles: Whether it’s resistance from a certain department or lack of participation from a particular stakeholder, these meetings are the time to identify both obstacles as well as the resources and actions necessary for overcoming them.
  • Building consensus: The second objective of daily check-in meetings is to discuss the progress made by each policy author, group, or stakeholder. That includes both sharing learnings and offering feedback on decisions that have been made.
  • Looking for gaps: These group discussions are a great venue for identifying gaps—e.g., stakeholders who haven’t been included, or policy implications that have been overlooked. They also lay the foundation for distribution and adoption as those in the room become change agents and evangelists.

At the end of each meeting, the policy steward confirms any decisions that have been made and includes them in the master plan.

Day 5: assessment and wrap-up

On day 5, the team celebrates progress and identifies work that still needs to be done. That may include:

  • Reviewing the final list of high-priority policies (for most businesses, that’s typically 10–15 policies)
  • Outlining the steps for implementation: communication, training, compliance monitoring
  • Beginning policy dissemination, communication and adoption
  • Getting feedback on the initial set of digital policies and incorporating it into the process going forward
  • Establishing a timeframe for working on the next set of digital policies

Next steps

The most obvious step is to reiterate the process as needed.

I’ve found that many businesses decide to come together once per quarter until all essential policies have been addressed. After the ini¬tial push, scheduling a policy session every 12¬-18 months seems to work well, with additional sessions being added as circumstances dictate. Or you might decide to stop being so reactive and establish a more mature approach to digital policies. That would be an excellent time to jump back into this book, perhaps at the Intermediate stage level?

However you decide to go about next steps, it’s important to remember that policies are never truly finished. For one thing, changes in technology and/or business needs may require accompanying changes in policy. What’s even more important is to recognize that devel¬oping a set of digital policies is only the first step.

Successful implementation also requires a significant investment in change management, from explaining why policies are necessary to giving employees the tools and resources they need to comply. Take another look at chapters 1–3 and get yourself started on the right long-term path to digital policies.