“Zombie” rules that lead people to expose their organisation to risk

Zombie rules are those well-intentioned yet obsolete protocols that continue to impede progress long after their owners have left the organisation. People subject to zombie rules are eventually driven to break the rules to get work done … thereby unintentionally exposing their organisation to preventable risk.

Although Halloween is behind us, I want to talk about zombies. Specifically, zombie rules; those policy requirements and regulations that soldier on long after they’ve lost their relevance. Zombie rules are often overlooked as a source of significant vulnerabilities, not because they’re written badly, but because they impede operations; resulting in otherwise good employees seeking ways to circumvent active policy.