Thanks to Joe Pearson to prompt me into one of my all-time interesting debate/discussion once again – and yes, first time on my blog here!

This is a topic discussed and documented by many people at many places.

Here are my views and summarized thoughts on: How to define or differentiate Policy, Process and Procedures.

First of all let us look at a few available definitions of these:

Policy (Definitions – collected from web):

  • A plan or course of action, as of a government, political party, or business, intended to influence and determine decisions, actions, and other matters (Wiki-answers)
  • A course of action, guiding principle, or procedure considered expedient, prudent, or advantageous (Wiki-answers)

( I have a slight problem with both the definitions above – first one: Is Policy a plan/course of action? Hmm not really. Second one: Is Policy a procedure? Hmm Nah! Otherwise these definitions give a pretty big picture on what is Policy).

    Here is one more:

  • A policy is a guiding principle used to set direction in an organization. It can be a course of action to guide and influence decisions. It should be used as a guide to decision making under a given set of circumstances within the framework of objectives, goals and management philosophies as determined by senior management  (Source: Bizmanualz)

One thing is sure, there are different categories of policies in an organizations. Just to list a few:

  • Organizational Policies – HR, Info security, finance etc – These are primarily a set of rules that ‘shall’ be adhered to.
  • Process/Procedure policies – Change management policy, release policy – these contain rules as well as guiding principles within that process/procedure.
  • Technical policies – these are the rules that you set on the technical infrastructure – like firewall policy, system policy, network routing policy etc.

Here, in the context we are in – the second category will be of primary focus. To summarize and move forward – the process policy will drive a set of rules and guiding principles that ‘shall’ be adhered to, while executing the related process(es) and procedure(s).

Process (Definitions – collected from web):

  • A series of actions (or activities) that transforms inputs (or resources) into a desired product, service, or outcome (Source:)
  • A set of interrelated work activities characterized by a set of specific inputs and value-added tasks that produce a set of specific outputs (Source: )

One common outcome from these definitions are process is ‘ a set of interrelated activities that delivers a desired outcome’.

Now, how do we ensure these ‘interrelated activities’ are delivered in a effective, efficient and consistent manner? I believe that is where the role of Procedures’ come.

Procedure (Definitions – collected from web):

  • A set of specific steps that describe how an activity should be carried out, and by whom (Source: )
  • A particular method for performing a task (Source: Wiktionary)

Though there is a larger overlap in the definitions of Process and Procedure (compared to Policy), I think there can be some level of distinction brought in with views like:

  • A process looks at a larger set of tangible deliverables – that is expected by customer or stake holders – like Incident management (which starts at the detection of an incident – till closure of the same).
  • The steps within the process, say Incident classification- need to be done in a consistent way. For that, procedures can be defined – like ‘Incident classification procedure’.
  • While process can be a high-level and target a widers audience (in many-a-case, organization wide), Procedure will be a little more specific, targetting a narrower set of people or functions in the organization.
  • While Process many times still talks about ‘what’ to be done at a task level, procedure might explain ‘how’ – those tasks are to be done.
  • Because of the more specific nature, procedures are liable to more frequent changes/updates compared to the process.

Thus, with a combination of a governing policy and underlying procedures, the Process will become more effective, controlled and consistent.

Any further thoughts/discussions on this is most welcome.