Document the lifecycle of all corporate policies and assign ownership
Link policies to key business areas, assets, controls and risks
Avoid litigation, fines and reputational damage by proving your organisation is policy compliant
Policy management is the process of creating and maintaining policies and procedures within an organisation. A centralised repository where all policies can be created, developed and maintained is critical for effective policy management as it ensures all policies are quickly assessible when needed. Tracking policies manually makes it harder and more time consuming to ensure that they are correct and up to date whereas using a central repository allows for tracking of the whole policy document lifecycle. Policies can be mapped to risks, controls and regulations giving an organisation a clearer view of any potential control gaps in meeting regulatory obligations.
Occasionally organisations may need to raise an exception for a policy, an example of this could be for a legacy application. Organisations need to ensure that exceptions are documented, reviewed and approved to in order to fully demonstrate they are policy compliant. A policy exception should include the rational and evidence to support either the rejection or the acceptance of the exception. An exception is a deviation from the policy and so should be resolved, tools such as STREAM can assign accountability to an exception and/or policy with target end dates which can be notified to users via emails or reports. However, there may be cases where exceptions are long-term or are unable to be resolved, in these cases it is critical for management to properly document this exception with appropriate rationale.
- Create reports on policy status to gain a greater understanding of policy compliance at all areas of the business
- Assign ownership to policies to provide accountability, with tracking across the policy lifecycle, actions and notifications
- Link policies to any area of the business, including assets, risks or controls
- Link multiple documents which can be private or public to policies, risks, controls, actions, and findings
- Raise, track and remediate policy exception requests and assign ownership.
Contact us to discuss your requirements