(Editor's note: The following is an excerpt from Kristina Podnar's book, "The Power of Digital Policy," reprinted with permission of the author.)

There are many things in life that, while ranking high in importance, are lacking enough in urgency that they never quite bubble up to the top of our to-do lists. Dental visits, exercise, healthy eating ... the list could go on and on. The key is to stop bowing to the “tyranny of the urgent” and to make time for the important things before we blow right past the urgent stage and find ourselves in an emergency. 

That’s a perfect summation of where a lot of businesses are on digital policies. They know that creating thorough digital policies is critical to capitalizing on the opportunities presented by the digital age — while, at the same time, minimizing the risks. But it’s an easy thing to put off, especially amidst the relentless pounding of things like new product campaigns, technical infrastructure upgrades, unhappy customers, the multitude of reporting deadlines, etc. — in short, running the business.

But …

Those urgencies will always be there. As always, it comes down to balance. To that end, I’ve created a quick-and-dirty playbook for creating a set of baseline digital policies in just five days. My consulting experience has taught me that it is a manageable investment for most businesses. It’s intentionally flexible, too — you could do 10 half-days, for example. The important part is the process.

Before You Begin

You’ve probably seen commercials for diet and exercise products that contain a warning like, “Check with your doctor to make sure you’re healthy enough before you try this.” Or advanced college courses that have prerequisites. That’s true here, too. No matter how good the plan is, there are some essential things you must have in place before you begin:


Creating digital policies — which, in essence, comes down to telling people how to do their jobs — isn’t something you can just take on by yourself. You need official authority from above, and that authority must be clearly and repeatedly communicated.


Even if you have the needed authority, you can’t create digital policies by yourself. And, without a mandate, it can be next to impossible to get the necessary stakeholders to make time for a digital policy initiative. Upper management needs to make it crystal clear that, for these five days, the creation of digital policies gets top priority. Ideally, no one would be able to skip out without permission from the C-suite.


Access to decision-makers can spell the difference between success and failure when competing priorities and personalities clash.

create a digital policy in five days

The Plan

Once you have everything in place, the process itself is fairly straight-forward.

Learning Opportunities

Day 1: Prioritization and scope

The program starts with the policy team — the designated policy steward, subject matter experts, digital workers, etc. — meeting to decide exactly what you’re going to do (as well as what you’re going to save for another time ), how it will be done, and who will do it. It starts with prioritizing each issue from a risk vs. opportunity perspective and ends with identifying both action steps and responsible parties.

Days 2 – 4: Policy creation

On days 2 through 4, the individual stakeholders get to work creating the policies they’ve been assigned and participating in a daily check-in meeting (either in person or virtual) to discuss progress. During this stage, the policy director is responsible for leading the meeting and for shaping individual policies so that they’ll eventually form a unified whole.

The daily check-in meetings have three primary goals:

  • Identifying and overcoming obstacles: Whether it’s resistance from a certain department or lack of participation from a particular stakeholder, these meetings are the time to identify both obstacles as well as the resources/actions necessary for overcoming them.
  • Building consensus: The second objective of daily check-in meetings is to discuss the progress made by each policy author, group, or stakeholder. That includes both sharing learnings and offering feedback on decisions that have been made.
  • Looking for gaps: These group discussions are a great venue for identifying gaps -- from stakeholders who have not yet been included to policy implications that have been overlooked. They also lay the foundation for distribution and adoption as those in the room become change agents and evangelists.

At the end of each meeting, the policy steward confirms any decisions that have been made and includes them in the master plan.

Day 5: Assessment and wrap-up

On day 5, the team celebrates progress and identifies work that still needs to be done. That may include:

  • Reviewing the final list of high-priority policies (for most businesses, that comes in somewhere between 10 and 15 policies)
  • Outlining the steps for implementation: Communication, training, compliance monitoring, etc.
  • Beginning policy dissemination, communication, and adoption
  • Getting feedback on the initial set of digital policies and incorporating any learnings into the process going forward
  • Establishing a timeframe for working on the next set of digital policies

Next Steps

The most obvious “next steps” include repeating the process as needed. I’ve found that many businesses decide to come together once per quarter until all essential policies have been addressed. After the initial push, scheduling a policy session every 12–18 months seems to work well, with additional sessions being added as circumstances dictate.

However, it’s important to remember that this is a job that is never truly finished. For one thing, changes in technology and/or business needs may require accompanying changes in policy. What’s even more important, however, is to recognize that developing a set of digital policies is only the first step. Successful implementation also requires a significant investment in change management, from explaining why policies are necessary to giving employees the tools and resources they need to comply. Often, it means doing more listening than talking, as employees tell you what’s working, what’s not working, and why. Mistakes are inevitable, and the people most likely to catch them are the ones who actually do the jobs.

Have you already created a set of digital policies for your organization? If not, this five-day action plan is a great place to start.

Learn how you can join our contributor community.