Create/Update a Policy
A Policy is the written guidelines your company communicates to its employees about how they execute security strategy.
To create a Policy:
- On the CSM Desktop Client or CSM Browser Client toolbar, select New > New GRC Policy.
- Provide a name and details.
- Select a business owner.
- Select the Next: In Progress link under Status (on the Default form).
Follow the prompts to select assigned team and assigned to.
- (Optional) Select the projected start and end dates.
- (Optional) Use the GRC Participants tab in the form arrangement to add additional participants.
- (Optional) Link to applicable Controls in the GRC Controls tab. You can also link a Policy to a Control from the Control record.
- (Optional) Link any other record types that are applicable in their respective tabs.
- (Optional) In the Overview tab, provide the following Policy details:
- Provide a document purpose and scope.
- Select the document type and provide an ID.
- Provide a document title and version.
- Select the review frequency and publish date.
The publish date is the date the Policy document became effective. The Revision Date field now displays with a date that is based on the review frequency.
- Select a review date.
You can set dashboards or email notifications as desired to notify appropriate people of the review date. There are different options when you initiate a review:
- Select the Reviewed - No Action Needed link (under Actions) to change the review date to the date that maps to the review frequency. CSM adds a Journal entry to identify the date/time and user who did the review.
- Select the Revise this Policy link under Actions. Use this option when a Policy needs to be modified. CSM create a new Policy record and the current Policy is put into a Retired status and is referenced in a tab.
- Use the GRC Policy Documents tab to add any additional information about the Policy.
- Once you complete the fields, select the Next: Active link under Status.
Follow these steps to continue creating a Policy, or to update an existing Policy: