In his recent book entitled The Road Ahead, Microsoft Chairman Bill Gates argued that government should get out of the standards setting business. He states, "Sometimes governments or committees set standards intended to promote compatibility. These are called 'de jure' standards and have the force of law. Many of the most successful standards, however, are 'de facto': ones the market discovers ... they work, and most customers will stick with those standards unless something dramatically better comes along."

Are Gates' points correct? Should standards be driven by de facto processes, where consumers choose the winners? Or conversely, is there a role for de jure standards, where standards-setting bodies like the IEEE and ANSI establish protocols and practices around which a variety of organizations can develop systems?

In rapidly changing information technology, it has most often been the case that standards have followed innovation, in a process akin to Gates' de facto model. However, within organizations struggling to adopt and utilize information technology, a de facto model may not be most efficient. Nor may it be possible, given resource constraints, to decentralize decision making about information technology.

The following explores some of the uses and reasons for internal organization and enterprisewide standards and policies, and discusses standards within a broader context.

ENTERPRISEWIDE IRM STANDARDS

By settling on a limited number of standards based on open systems principles, states can move agencies and partners toward an environment where information can be easily shared and manipulated across traditional agency boundaries. Within agencies, standards can also assist in information exchange, as well as helping develop key infrastructures such as e-mail and communications networks necessary to support intra-agency communications. In addition, standardization can improve the purchasing power of government and decrease governmental costs in the procurement arena, since requests for proposals can be streamlined and mass purchases negotiated based on established standards.

On the other hand, standardization without constant monitoring and modification to respond to the rapidly changing landscape of information technology can leave the enterprise in a backwater created by overly rigid standards. For instance, the Connecticut strategic plan references the Government Open Systems Interconnection Profile (GOSIP) as an example of federal government standards which support interconnectivity. Unfortunately, the GOSIP standard was mandated for adoption by federal government agencies and then hastily withdrawn when it was determined that full support of GOSIP would entail significant additional costs for government agencies and vendors.

To deal with the problem of balancing standardization and change, some states have identified levels of standardization such as Present Standards, Interim Standards and Strategic Directions. This recognizes the distinction between standards which have "stood the test of time" and are well embedded in products and information architectures, and those developing standards toward which the industry is moving.

ENTERPRISEWIDE IRM POLICIES

The establishment of a strategic direction for information resource management involves more than the standardization of information technology architectures. It also requires clear policies for the management, use and sharing of information.

Information policies can cover a broad range of information resource management issues including implementation, business and management activities, access to information, software control, Internet security, network connectivity and project management software standards. In New York, the state Archives and Records Administration's record retention policies, advisory documents regarding the legal admissibility of electronic records, and proposed e-mail standards serve as excellent models of enterprisewide policies.

Like IT standards, policies vary depending on the level to which agencies are required to adhere to their strictures. For instance, legislation might mandate certain policies (such as freedom of information requirements). Certain standards may also be mandated by the actions of policy-setting bodies. On the other hand, policies for which there is no current consensus as to the appropriateness for general applicability can be labeled as "advisory," or "guidelines," similar to the establishment of different