690 likes | 847 Views
Policy and Compliance Management Aneesh Bhatnagar. Aneesh Bhatnagar. Policy & Compliance Management. Associate Director – Product. Agenda. Policy Management Compliance Management. Policy Management. Topics. Policy Management Product Overview: Key Features Policy Development
E N D
Policy and Compliance Management Aneesh Bhatnagar Aneesh Bhatnagar Policy & Compliance Management Associate Director – Product
Agenda Policy Management Compliance Management
Policy • Management
Topics Policy Management Product Overview: Key Features Policy Development Policy Maintenance Policy Communication Policy Implementation & Enforcement Reports / Dashboards
GRC Policy Management helps set the principles/ rules to guide decisions (set the governance objective & procedures) to achieve compliance on these objectives
Policy Management Determine the Need Develop & Maintain Implement & Enforce Communicate
Key features of Policy Management Ability to create Inline as well as Document based policies
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle Ability to control the number of copies that can be printed
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle Ability to control the number of copies that can be printed Automatic conversion of the final policies into PDF along with the header, footer, e-signature & document information
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle Ability to control the number of copies that can be printed Automatic conversion of the final policies into PDF along with the header, footer, e-signature & document information Sophisticated dashboards to monitor the policy management
Key features of Policy Management Ability to create Inline as well as Document based policies Ability to link policies/sections to relevant GRCF objects User Configurable workflows Audit Trails Powerful Policy Search Granular Access Controls Supports for policy management lifecycle Ability to control the number of copies that can be printed Automatic conversion of the final policies into PDF along with the header, footer, e-signature & document information Sophisticated dashboards to monitor the policy management MLS enabled
Create Document based policies Any user defined in the first stage (i.e. the author stage) of the lifecycle can initiate a policy creation process Select the lifecycle and the category/ sub-categories Modify the stage level users. Upload the controlled policy document
Map it to other GRCContent The author / reviewers can relate a policy with GRCF Objects to set the Policy / Procedures for one or many GRCF Objects
Review / Approve Document based policy The Reviewers can access the Policy using the View, Download, Print, Upload Privileges Reviewers can select the reviewers of the next stage based on the appropriate privileges Can have ‘n’ number of stages based on how the lifecycle is setup
Create Inline Policy Create a policy in sections. Each section can relate to a GRCF object All the sections will be exported to Word and the Policy Users will get a complete view of the policy The author can choose to send the section to a reviewer / approver
Review & Approve Inline Policy Each approver / reviewer will be shown the section that he needs to approve He can choose to approve or reject a section Once all the sections are approved / reviewed, the policy will get published.
Policy Maintenance • Major Change - When an existing policy needs to be changed significantly • Minor Change - When an existing policy needs to be undergo a small modification • Policy Obsoletion - When an existing policy goes out-of-date
Policy Maintenance : Upversion Option to change the lifecycle while upversioning the policy
Policy Maintenance : Change Request Select the Option Change Request. The policy routes through all the stages of the lifecycles and once published will be available to the end users
Policy Maintenance : Change Request Policies can be obsoleted by initiating the policy Obsoletion process Obsoleted policies are not available to the end users
Policy Communication After a policy is published, the policy can be sent out for Policy Communication. All the policy users of that specific policy will receive an email notification with the link to provide their feedback. The policy users can access the Policy and can either accept or reject the policies The acceptance or rejection of the policy is retained in the system and can be produce as an evidence
Policy Attestation The Policy users can either accept a policy or Request for exception and provide their comments The attestation information provided by the policy users are available in the policy management reports
Policy Discovery Policy discovery can be done in two ways • Browse – In a windows explorer like tree view • Search – Using the search filters
Reports • In-process Policy Documents Report • Approved Policy Documents Report • Obsolete Policy Documents Report • Audit History Report • Policy Management Reports
Dashboards Dashboards for • Policies in the lifecycle • Published Policies • Policy Access • Policy Attestations Provides drill down from each of the dashboards to list additional information like the number of people who have not attested, who have already attested etc. with an option to export these details
Regulatory • Changes
Compliance • Management
Objectives • Standards • Controls • Compliance • Management • AOC • Processes • Policies • Regulations
Questions/ • Procedure • Objectives • Functions • Standards • Controls • Assertions • Auditable Entity • Compliance • Management • AOC • Processes • Evidences • Financial Account • Policies • Regulations • Exceptions • Assets
ONE • F L E X I B L E • DATA MODEL