Create/Update a Policy
A Policy is the written guidelines your company communicates to its employees about how they execute security strategy.
To create a Policy:
- On the CSM Desktop Client or CSM Browser Client toolbar, select New > New ISMS Policy.
- Provide a description and details.
- Select the assigned team, owner, and business owner.
- Select the Next: Assigned link under Status.
- When the assignees are ready to begin work on the Policy, select the Next: In Progress link under Status.
- Select the projected start and end dates.
- (Optional) Use the ISMS Participants tab in the form arrangement to add additional participants.
- Link to applicable Controls in the ISMS Controls tab. You can also link a Policy to a Control from the Control record.
- Link any other record types that are applicable in their respective tabs.
- In the Overview tab, provide the following Policy details:
- Select the document type and provide a document ID.
- Select the review frequency and provide a document title.
- Provide a document version and select a publish date.
The publish date is the date the Policy document became effective. Revision Date and Review Date fields now display with a date that is based on the review frequency. Dashboards or email notifications can be set up as desired to notify appropriate people of the review date. There are different options when review is initiated:
- Select the Reviewed - No Action Needed button to change the review date to the date that maps to the review frequency. A Journal entry is added identifying the date/time and user who did the review.
- Select the Revise this Policy link under the Actions list. Use this option when a Policy needs to be modified. A new Policy record is created and the current Policy is put into a Retired status and is referenced in a tab.
- Provide a document purpose and document scope.
- Use the ISMS Policy Documents tab to add any additional information about the Policy.
- Once all fields are completed, select the Next: Active link under Status.
Follow these steps to continue creating a Policy, or to update an existing Policy: