Difference between revisions of "Policies"
(34 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | {{Breadcrumb|[[Main Page|Home]] > [[Applications]] > [[GRC]] > Governance Management|GRC}} | + | {{DISPLAYTITLE:GRC Policies}}{{Breadcrumb|[[Main Page|Home]] > [[Applications]] > [[GRC]] > Governance Management > Policies|GRC}} |
{{Section| | {{Section| | ||
==Introduction== | ==Introduction== | ||
− | + | Policies are generally established by a board of directors of an organization to set boundaries under which the organization should operate to to keep the company on track and operating efficiently. | |
|}} | |}} | ||
{{Section| | {{Section| | ||
− | == | + | ==Creating a Policy== |
− | + | ||
{{bullet1|Policy|Name of the policy}} | {{bullet1|Policy|Name of the policy}} | ||
− | {{bullet1|Type|The type of policy. (This list can be modified by a user with the [[ | + | {{bullet1|Type|The type of policy. (This list can be modified by a user with the [[GRC_Manager_Roles#Available_Roles|GRC Administrator Role]] under [[GRC Simple Lists]]) }} |
− | {{bullet1|Objective|}} | + | {{bullet1|Objective|The objective of the policy}} |
− | {{bullet1|In-use Target|}} | + | {{bullet1|In-use Target|The target date for when this policy becomes in-use}} |
− | {{bullet1|Next Review Date|}} | + | {{bullet1|Next Review Date|The date when this policy will be up for review}} |
− | {{bullet1|Life Cycle|}} | + | {{bullet1|Life Cycle|Life Cycles are a collection of automated workflows. This list contains life cycles that only relate to Policies. A life cycle can only be selected at the time of creation.}} |
− | {{bullet1|Owner|}} | + | {{bullet1|Owner|The owner of this policy. This will default to the user that created the policy}} |
− | {{bullet1|Risk Register|}} | + | {{bullet1|Risk Register|Select to automatically create a ''Risk Register'' or select that a ''Risk Register'' is not needed. Automatically created ''Risk Registers'' are located in the [[Operational Risk Registers]] within Risk Management. A link between the two are maintained.}} |
− | |||
− | |||
− | |||
− | |||
− | |||
|}} | |}} | ||
{{Section| | {{Section| | ||
− | + | ===Policy Document Management=== | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | === Policy Document Management === | ||
{{bullet1|Manage In|}} | {{bullet1|Manage In|}} | ||
− | {{bullet2|Maintain Document Here|}} | + | {{bullet2|Maintain Document Here|Once the Policy is created an editor is provided to write and maintain the Policy [[#Document|Document within the policy record]].}} |
− | {{bullet2|Maintain Document | + | {{bullet2|Maintain Document in Document Manager|This option will require Hornbill Document Manager to be installed. A document will first need to be created in Document Manager and then linked from the Policy record}} |
− | {{bullet2|Maintain Document with External Reference|}} | + | {{bullet2|Maintain Document with External Reference|A field is provided where a URL to an external document can be specified.}} |
|}} | |}} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | === | + | ==Manage a Policy== |
− | {{ | + | ===Activity=== |
− | {{ | + | The Activity Stream is provides to allow discussions to take place about the policy. Users are able post notes, comments, discussions, and mention other users. |
− | + | ||
− | + | ===Details=== | |
− | + | The majority of information within the Details is the information that was originally captured when the Policy was created. Two additional fields are available after a Policy is created | |
− | + | {{Bullet1|Status|The status field allows you to select the current state of the Policy. The default statuses include Implementing, In Place, In Use, Planning, Retired, and Under Review. These statuses can be managed within Administration within the [[GRC Simple Lists#Lists|Simple Lists configuration]]}} | |
− | == | + | |
− | {{ | + | {{Bullet1|Authorizing Users|The users that can participate in authorizing changes or progress of this policy}} |
− | {{ | + | ===Document=== |
− | {{ | + | This option is only visible if you have chosen to manage the Policy Document within the Document Record. The option for selecting where to manage the document is found under the Details section of the policy. An inbuilt editor is provided to allow you to document the Policy. |
+ | |||
+ | ===Risks=== | ||
+ | This are the list of [[Risks]] that are associated to this policy. | ||
+ | |||
+ | ===Statements=== | ||
+ | [[Policy Statements]] are a collection of plans and intentions that support the Policy. For example if there was a Password Policy, a Policy Statement might be created for Active Directory minimum password length or password complexity. From this view you can create a new Policy Statement which will be automatically linked to this policy. | ||
+ | |||
+ | ===Tasks and Reviews=== | ||
+ | Here, tasks and reviews can be manually created or they will be automatically created as part of a Life Cycle workflow. | ||
+ | {{Bullet1|Filter by Status|This allows you to filter by the status of the task or review, using the statuses Open, Completed, Authorized, Rejected, Expired, or All.}} | ||
+ | {{Bullet1|Filter by Type|This allows you to filter the list by Tasks, Reviews, or both.}} | ||
+ | {{Bullet1|Create New Review|This option allows you to create a scheduled review for this policy}} | ||
+ | {{Bullet1|Create New Activity|This option allows you to create a task for this policy}} | ||
− | === | + | ===Attachments=== |
− | + | Files such as Word Docs, PDFs, and images can be attached to the Policy. This could include any documentation that supports the policy. | |
− | |||
− | |||
− | === | + | ===Lifecycle History=== |
− | + | If you are running a Life Cycle workflow on your Policy, this area will show the outcomes of the previously complete automations. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
[[Category:GRC]] | [[Category:GRC]] |
Latest revision as of 03:28, 17 February 2022
Home > Applications > GRC > Governance Management > Policies | Index |
Manage a Policy
Activity
The Activity Stream is provides to allow discussions to take place about the policy. Users are able post notes, comments, discussions, and mention other users.
Details
The majority of information within the Details is the information that was originally captured when the Policy was created. Two additional fields are available after a Policy is created
- Status
- The status field allows you to select the current state of the Policy. The default statuses include Implementing, In Place, In Use, Planning, Retired, and Under Review. These statuses can be managed within Administration within the Simple Lists configuration
- Authorizing Users
- The users that can participate in authorizing changes or progress of this policy
Document
This option is only visible if you have chosen to manage the Policy Document within the Document Record. The option for selecting where to manage the document is found under the Details section of the policy. An inbuilt editor is provided to allow you to document the Policy.
Risks
This are the list of Risks that are associated to this policy.
Statements
Policy Statements are a collection of plans and intentions that support the Policy. For example if there was a Password Policy, a Policy Statement might be created for Active Directory minimum password length or password complexity. From this view you can create a new Policy Statement which will be automatically linked to this policy.
Tasks and Reviews
Here, tasks and reviews can be manually created or they will be automatically created as part of a Life Cycle workflow.
- Filter by Status
- This allows you to filter by the status of the task or review, using the statuses Open, Completed, Authorized, Rejected, Expired, or All.
- Filter by Type
- This allows you to filter the list by Tasks, Reviews, or both.
- Create New Review
- This option allows you to create a scheduled review for this policy
- Create New Activity
- This option allows you to create a task for this policy
Attachments
Files such as Word Docs, PDFs, and images can be attached to the Policy. This could include any documentation that supports the policy.
Lifecycle History
If you are running a Life Cycle workflow on your Policy, this area will show the outcomes of the previously complete automations.