Create or Edit a Policy

Create a Policy for the written guidelines that your organization communicates to its employees about how they execute security strategy. Policies formalize your organizational approach to achieving Control requirements.

To create a Policy:

1. Open the Policy workspace.

2. Select New GRC Policy to create a new Policy.

A blank form opens.

3. Enter the information into the fields as required.

a. Owner Email and Business Owner Email autopopulate based on the Owner and Business Owner fields.

4. Select Save.

5. In the Details tab, enter the information into the fields as required. You can also add attachments in the Details tab.

6. Use the Policy Documents, Risk Assessments, Audits, Assets, Compliances, Exceptions, and Linked Policies tabs to add supporting materials to the Policy.

You can also use the Control tab to create new Controls.

7. Use the Approvers tab to add users who must approve the Policy. You must specify Approvers before setting the Policy status to Pending Approval. When the Policy is in Pending Approval status, the Approval Vote Tracking tab appears.

a. Approvers select the appropriate Approval on the Approval Vote Tracking tab and select Approve or Deny.
b. If all the Approvers approve the Policy, the status changes to Active.
c. If any Approver denies the Policy, the status changes to Revision Required. The Policy originator can then go back and make the changes required for approval.

8. Select the Revise Policy button to create a new version of the Policy record. The original Policy record is changed to Retired status, and the cloned Policy is set to Draft.

9. Select Save.

Edit a Policy

To edit a Policy:

1. Double-click a Policy.

2. Change the information as needed.

3. Select Save.