Difference between revisions of "Policies"

Revision as of 21:41, 10 February 2022

Home > Applications > GRC > Governance Management > Policies

Introduction

Policies are generally established by a board of directors of an organization to set boundaries under which the organization should operate to to keep the company on track and operating efficiently.

Creating a Policy

Policy

Name of the policy

Type

The type of policy. (This list can be modified by a user with the GRC Administrator Role under GRC Simple Lists)

Objective

The objective of the policy

In-use Target

The target date for when this policy becomes in-use

Next Review Date

The date when this policy will be up for review

Life Cycle

Life Cycles are a collection of automated workflows. This list contains life cycles that only relate to Policies.

Owner

The owner of this policy. This will default to the user that created the policy

Risk Register

Select to automatically create a Risk Register or select that a Risk Register is not needed. Automatically created Risk Registers are located in the Operational Risk Registers within Risk Management. A link between the two are maintained.

Policy Document Management

Manage In

Maintain Document Here

Once the Policy is created an editor is provided to write and maintain the Policy Document within the policy record.

Maintain Document in Document Manager

Maintain Document with External Reference

Manage a Policy

Activity

The Activity Stream is provides to allow discussions to take place about the policy. Users are able post notes, comments, discussions, and mention other users.

Details

The majority of information within the Details is the information that was originally captured when the Policy was created. Two additional fields are available after a Policy is created

Status

The status field allows you to select the current state of the Policy. The default statuses include Implementing, In Place, In Use, Planning, Retired, and Under Review. These statuses can be managed within Administration within the Simple Lists configuration

Authorizing Users

The users that can participate in authorizing changes or progress of this policy

Document

This option is only visible if you have chosen to manage the Policy Document within the Document Record. The option for selecting where to manage the document is found under the Details section of the policy. An inbuilt editor is provided to allow you to document the Policy.

Risks

This are the list of Risks that are associated to this policy.

Statements

Policy Statements are a collection of plans and intentions that support the Policy. For example if there was a Password Policy, a Policy Statement might be created for Active Directory minimum password length or password complexity. From this view you can create a new Policy Statement which will be automatically linked to this policy.

Tasks and Reviews

Attachments

Lifecycle History

@@ Line 20: / Line 20: @@
 ===Policy Document Management===
 {{bullet1|Manage In|}}
-{{bullet2|Maintain Document Here|}}
+{{bullet2|Maintain Document Here|Once the Policy is created an editor is provided to write and maintain the Policy Document within the policy record.}}
-{{bullet2|Maintain Document Here|}}
+{{bullet2|Maintain Document in Document Manager|}}
 {{bullet2|Maintain Document with External Reference|}}
 |}}
@@ Line 34: / Line 34: @@
 {{Bullet1|Authorizing Users|The users that can participate in authorizing changes or progress of this policy}}
+===Document===
+This option is only visible if you have chosen to manage the Policy Document within the Document Record.  The option for selecting where to manage the document is found under the Details section of the policy.  An inbuilt editor is provided to allow you to document the Policy.
 ===Risks===