Create/Update a Policy

A Policy is the written guidelines your company communicates to its employees about how they execute security strategy.

To create a Policy:

  1. On the CSM Desktop Client or CSM Browser Client toolbar, select New > New GRC Policy.
  2. Provide a name and details.
  3. Select a business owner.
  4. Select the Next: In Progress link under Status (on the Default form).
    Follow the prompts to select assigned team and assigned to.
  5. Follow these steps to continue creating a Policy, or to update an existing Policy:

  6. (Optional) Select the projected start and end dates.
  7. (Optional) Use the GRC Participants tab in the form arrangement to add additional participants.
  8. (Optional) Link to applicable Controls in the GRC Controls tab. You can also link a Policy to a Control from the Control record.
  9. (Optional) Link any other record types that are applicable in their respective tabs.
  10. (Optional) In the Overview tab, provide the following Policy details:
    1. Provide a document purpose and scope.
    2. Select the document type and provide an ID.
    3. Provide a document title and version.
    4. Select the review frequency and publish date.
      The publish date is the date the Policy document became effective. The Revision Date field now displays with a date that is based on the review frequency.
    5. Select a review date.
      You can set dashboards or email notifications as desired to notify appropriate people of the review date. There are different options when you initiate a review:
      1. Select the Reviewed - No Action Needed link (under Actions) to change the review date to the date that maps to the review frequency. CSM adds a Journal entry to identify the date/time and user who did the review.
      2. Select the Revise this Policy link under Actions. Use this option when a Policy needs to be modified. CSM create a new Policy record and the current Policy is put into a Retired status and is referenced in a tab.
    6. Use the GRC Policy Documents tab to add any additional information about the Policy.
  11. Once you complete the fields, select the Next: Active link under Status.