EUC Policy Template
End User Computing or EUCs, refers to applications that are created by end users to meet a business need. Most commonly, these are Excel spreadsheets but can also be Access databases, AI Models written in Python, R, SQL, SAS or RPT scripts or any program written or developed by an end user. These are also referred to as User Defined Applications (UDAs) or End User Defined Applications (EUDAs).
EUCs are highly risky since they lack the Software Development Life Cycle (SDLC) typically used in the development of an application from Requirements, Planning, Design, Development and various stages of Testing, before the application is finally released for use. In the development of an EUC, all of these phases, to the extent that they even exist, are performed by the same person. Due to their flexibility, availability and ease of use, changes may often be made on the fly without proper impact analysis and testing, resulting in erroneous outputs. Decisions made from these erroneous outputs can result in business losses, reduction in stock price, release of sensitive information, or even reputational loss. Losses from uncontrolled EUCs are reported in newspapers every day.
Therefore, organizations must have a written and well established EUC Policy that governs how EUCs are to be governed and managed to reduce these risks. The Policy must define what the organization considers as an EUC, provide guidance to the end users on how to assess risks posed by an EUC, and establish clear controls to use and manage the EUC based on its risk level.
Based on its 25 years of experience, CIMCON has developed this EUC Policy that can be used as a template to develop your own EUC policy.