Explain the steps involve in the formulation of information policy, what is the role of each main
stakeholder in the information policy formulation.
Information policies are a set of guidelines and rules that govern the collection, management,
storage, sharing, and use of information within an organization. These policies are designed to
ensure that information is handled in a way that is ethical, secure, and aligned with the
organization's objectives. Information policies typically address a wide range of issues, including
data privacy, data security, data retention, data sharing, and compliance with relevant laws and
regulations. The development and implementation of information policies are essential for
ensuring that an organization's information assets are managed effectively and in accordance
with legal and ethical standards. These policies provide a framework for decision-making and
behavior related to information management and help establish a culture of responsible
information handling within the organization. Information policies may cover areas such as data
Privacy, data Security, data Retention, data sharing, and compliances (Kamariotou and Kitsios,
2023).
The following are the key steps involve in the formulation of information policy.
Assessment of Information needs; first step is to identify the information requirements of the
organization, by considering the criteria such as the type of data, its criticality, and who needs
access or what are the user of that information
Define Objectives; second step must clearly determine the goals and objectives of the
information policy, for example "SUA information and communication technology policy" This
Policy is expected to improve the quality of teaching, learning, research and outreach at the
University using modern approaches enabled by ICT, also ICT will enhance staff-students, staff-
staff and students-students interactions, reduce staff workloads; prepare SUA graduates for
knowledge-based work environments; enhance access to electronic information resources and
library services; and increase the visibility of the University’s research output, among many
other benefits. The Policy is also intended to increase efficiency and effectiveness of the
University’s administrative functions. So the information policy could include ensuring data
�security, promoting transparency, or complying with legal regulations (Mwinami,Dulle and
Mtega, 2023).
Legal and Regulatory Compliance; any policy must be incorporate relevant on laws and
regulations of information management, privacy, and data protection. For example SUA
Information and Communication policy is also consistent with various policy frameworks in
Tanzania that call for integration of ICT in education systems and this get success due to that
policy to follow under legal and regulatory compliance.
Risk Assessment; another step is to evaluate potential risks associated with information
management, including data breaches or unauthorized access also must develop strategies that
will enable to avoid these risks. For example in SUA Information and Communication
technology policy the following risks were determined such as unsecure ICT systems and
institutional data, Lack of reliable data backup and recovery mechanism, inadequate ICT security
procedures, inadequate ICT disaster recovery plans and mechanisms Inadequate terms and
conditions for using University ICT facilities so the strategies developed towards those risks are
Protect ICT systems and institutional data, establish data backup and recovery mechanisms,
develop proper ICT security procedures and disaster recovery plans Ensure that ICT facilities
and services are used by authorized individuals depending on their work and study requirements
ensure that ICT facilities and services are used to carry out legitimate activities(Clemence,
Luamban and Mwantimwa, 2023).
Stakeholder Involvement; stakeholders refer to groups people that have an interest or are
affected by a particular policy decision, the involve of key stakeholders in the policy
development process is may include IT professionals, legal experts, management, and
representatives from different departments. Policy stakeholders play a crucial role in the policy-
making process such as provide input, feedback, and expertise that to help shape the policies.
Their interests, concerns, and perspectives are considered in the development, implementation,
and evaluation of policies. Also stakeholders can influence the design of policies and the
involvement of policy stakeholders helps increase transparency, accountability, and legitimacy in
the policy-making process.
Policy development; refers to the process of creating, formulating, and implementing policies.
Policies are guidelines established by organizations or institutions to guide decision-making and
�direct actions towards achieving specific goals and objectives. Developing a draft policy that
addresses the identified issue or goal. This stage often involves crafting policy objectives and
strategies, defining roles and responsibilities, and considering potential impacts and risks. Also
this involve draft the information policy, through covering different aspects such as data
classification, access controls, data retention, and guidelines for responsible information use.
Training and Awareness; This is important step in policy formulation this involve training
organization important knowledge and skills on those aspects involved in information policy
including management and utilization of information so the implementation of training programs
in policy formulation is to ensure that employees understand the policy and are aware of their
roles and responsibilities in maintaining information security with relevant to information
policies. Training and awareness it might through workshop, seminar as well as online courses.
Implementation Plan; involves developing a clear plan for implementing the information
policy, specific actions and required strategies needed to be in policy, so must considering the
practical steps and timelines for execution.
Monitoring and Enforcement; this involves to processes and to put mechanisms that will help
the implementation of that formulated policies are effectively implemented and adhered to as
well as enforcement of rules and regulations established by information policy, so the
mechanisms aim to monitor compliance with the information policy and to define consequences
for non-compliance and ensure consistent enforcement.so the aim is to ensure that the immerged
information policy achieved.
Review and Update; frequently reviews the information policy in order to ensure its relevance
and effectiveness, also updating it is important so as be able to determine and to adapt changes in
technology, regulations and different organizational needs. For example SUA ICT policy an
overall policy review will be undertaken after every five years or earlier, as need arises.
Communication; also effectively communicate the information policy so as to ensure all
members of organization having awareness on the existing policy, communication help
information policy formulation promotes transparency, inclusivity and informed decision-
making. Also it ensures that policies are well-informed, responsive to the needs of stakeholders,
and aligned with broader societal goals.
�Feedback Mechanism: this involves create a feedback loop for continuous improvement, so this
allows members of an organization to provide input on the policy's effectiveness through
different opinions as well as suggestions regarding to proposed policy. This feedback can help to
identify potential gaps or areas that need further consideration.
The following are the roles of each main stakeholders in the information policy formulation
as follows.
IT Professionals; IT professionals are responsible to understand different technical aspects of
information systems and technologies within the organization. Their main role in information
policy formulation includes providing technical expertise and insights for the feasibility and
practicality of different policy measures. So information technology professional contribute to
identifying potential risks, recommending security measures as well as assessing the impact of
policies on the organization's technology infrastructure.
Management; Management stakeholders such as executives and senior-level managers,
responsible for providing strategic guidance, develop a policy draft as well as decision-making
authority in information policy formulation. Management set the overall goals and objectives,
align policies with organizational strategies and ensure that the policies comply with legal and
regulatory requirements. Also plays a role in allocating resources for policy implementation,
establishing accountability mechanisms, and fostering a culture of information security and
compliance (Ashaye and Irani 2019).
Representatives from Different Departments; also representative of various departments in
in information policy formulation having the role involves assessing how policies impact their
specific operational needs, identifying department-specific risks as well as providing input on
policy proposals. Therefore representatives from different department are among of policy
formulation team that participate in policy review and feedback sessions, also assist in promoting
policy adoption within their respective departments.
Legal Experts; such as internal or external legal counsel include parliament, responsible in
ensuring that information policies comply with relevant laws and regulations. Also provide legal
�advice, conduct legal reviews of draft policies, and identify potential legal risks or liabilities
associated with policy measures as well as contribute to drafting policy language, ensuring
clarity and enforceability, and addressing legal concerns related to data protection, privacy and
intellectual property rights.
Donors; responsible for monitors and implements the policy in collaboration with ministries.
Therefore; through follow under those steps as well as collaboration and coordination among IT
professionals, management stakeholders, representatives from different departments, and legal
experts help to formulate effective information policy and ensure that information policies are
comprehensive, effective, and aligned with the organization's objectives, legal requirements, as
well as operational realities.
�REFERENCES
Ashaye, O. R., & Irani, Z. (2019). The role of stakeholders in the effective use of e-government
resources in public services. International Journal of Information Management, 49, 253-270.
Clemence, O., Luambano, I., & Mwantimwa, K. (2023). Adoption and application of electronic
records systems in higher learning institutions. Information Development, 02666669231158336.
Hudson, B., Hunter, D., & Peckham, S. (2019). Policy failure and the policy-implementation
gap: can policy support programs help? Policy design and practice, 2(1), 1-14.
Kamariotou, M., & Kitsios, F. (2023). Information Systems Strategy and Security Policy: A
Conceptual Framework. Electronics, 12(2), 382.
Mwinami, N., Dulle, F. W., & Mtega, W. P. (2023). The Communication Channels and their
Potential Applicability in Enhancing Agricultural Research Data Sharing among Agricultural
Researchers in Tanzania. LIBER Quarterly: The Journal of the Association of European
Research Libraries, 33(1).
Yusuf, M. O. (2005). Information and communication technology and education: Analyzing the
Nigerian national policy for information technology. International education journal, 6(3), 316-
321.
