Aneesh Bhatnagar

2. Policy and Compliance Management Aneesh Bhatnagar Aneesh Bhatnagar Policy & Compliance Management Associate Director – Product

3. Agenda Policy Management Compliance Management

4. Policy • Management

5. Topics Policy Management Product Overview: Key Features Policy Development Policy Maintenance Policy Communication Policy Implementation & Enforcement Reports / Dashboards

6. GRC

7. GRC Policy Management helps set the principles/ rules to guide decisions (set the governance objective & procedures) to achieve compliance on these objectives

8. Policy Management Determine the Need Develop & Maintain Implement & Enforce Communicate

9. Key features of Policy Management Ability to create Inline as well as Document based policies

10. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects

11. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows

12. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails

13. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search

14. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls

15. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle

16. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle Ability to control the number of copies that can be printed

17. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle Ability to control the number of copies that can be printed Automatic conversion of the final policies into PDF along with the header, footer, e-signature & document information

18. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle Ability to control the number of copies that can be printed Automatic conversion of the final policies into PDF along with the header, footer, e-signature & document information Sophisticated dashboards to monitor the policy management

19. Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle Ability to control the number of copies that can be printed Automatic conversion of the final policies into PDF along with the header, footer, e-signature & document information Sophisticated dashboards to monitor the policy management MLS enabled

20. Create Document based policies Any user defined in the first stage (i.e. the author stage) of the lifecycle can initiate a policy creation process Select the lifecycle and the category/ sub-categories Modify the stage level users. Upload the controlled policy document

21. Map it to other GRCContent The author / reviewers can relate a policy with GRCF Objects to set the Policy / Procedures for one or many GRCF Objects

22. Review / Approve Document based policy The Reviewers can access the Policy using the View, Download, Print, Upload Privileges Reviewers can select the reviewers of the next stage based on the appropriate privileges Can have ‘n’ number of stages based on how the lifecycle is setup

23. Create Inline Policy Create a policy in sections. Each section can relate to a GRCF object All the sections will be exported to Word and the Policy Users will get a complete view of the policy The author can choose to send the section to a reviewer / approver

24. Review & Approve Inline Policy Each approver / reviewer will be shown the section that he needs to approve He can choose to approve or reject a section Once all the sections are approved / reviewed, the policy will get published.

25. Policy Maintenance • Major Change - When an existing policy needs to be changed significantly • Minor Change - When an existing policy needs to be undergo a small modification • Policy Obsoletion - When an existing policy goes out-of-date

26. Policy Maintenance : Upversion Option to change the lifecycle while upversioning the policy

27. Policy Maintenance : Change Request Select the Option Change Request. The policy routes through all the stages of the lifecycles and once published will be available to the end users

28. Policy Maintenance : Change Request Policies can be obsoleted by initiating the policy Obsoletion process Obsoleted policies are not available to the end users

29. Policy Communication After a policy is published, the policy can be sent out for Policy Communication. All the policy users of that specific policy will receive an email notification with the link to provide their feedback. The policy users can access the Policy and can either accept or reject the policies The acceptance or rejection of the policy is retained in the system and can be produce as an evidence

30. Policy Attestation The Policy users can either accept a policy or Request for exception and provide their comments The attestation information provided by the policy users are available in the policy management reports

31. Policy Discovery Policy discovery can be done in two ways • Browse – In a windows explorer like tree view • Search – Using the search filters

32. Reports • In-process Policy Documents Report • Approved Policy Documents Report • Obsolete Policy Documents Report • Audit History Report • Policy Management Reports

33. Audit History

34. Dashboards Dashboards for • Policies in the lifecycle • Published Policies • Policy Access • Policy Attestations Provides drill down from each of the dashboards to list additional information like the number of people who have not attested, who have already attested etc. with an option to export these details

35. Multi Lingual Support

36. Multi Lingual Support

37. Regulatory • Changes

38. GRC Intelligence

39. GRC Intelligence

40. Compliance • Management

41. Objectives • Standards • Controls • Compliance • Management • AOC • Processes • Policies • Regulations

42. Questions/ • Procedure • Objectives • Functions • Standards • Controls • Assertions • Auditable Entity • Compliance • Management • AOC • Processes • Evidences • Financial Account • Policies • Regulations • Exceptions • Assets

43. ONE • F L E X I B L E • DATA MODEL

44. Flexible Model that helps test NOT just Controls

45. Leverages Harmonized Content from GRC Library

46. GRC Library linked to your Policies

47. Supports correlation between Controls and Question

48. Integrated with Issue and Action Tracking System

49. Create Adhoc Tests

50. View Prior Test Results whileperforming Tests