Policy Management

Record your Policies, Procedures, Standards, etc. and manage their Reviews

  • Episodes: 8
  • Duration: 32m 13s
  • Languages: EN
Episode 7

Creating a Policy

How to create items in the Policy module

Introduction

Policies can be created one by one using the Web Interface (Actions / Add) or multiple Policies can be imported at once using CSV Imports. In this episode, we will review how policies are created using the web interface and which fields on the form are particularly important.

Before creating documents, please make sure you have reviewed this course in detail from the beginning.

Title and Description

The title and description of the document are of course important and most of the time simply reflect the current name of the document plus some description.

Policy Roles

This is very important to do well: your identification process should have clearly set an owner (Policy Reviewer Contact) for the document you are creating. In the policy module, you have two roles:

  • GRC Contact: the person who has an interest in the document to be created in eramba since it addresses a problem
  • Policy Reviewer Contact: the team responsible for writing the document and reviewing its content at regular intervals. For example, if the document is a “Network Diagram,” the collaborator could be the “Network Team”

It is very important that you have a systematic approach to these roles because you will be using notifications and you want the right people to receive them. We also typically advise the use of groups (as opposed to users, as shown in the screenshot above). Groups can contain more than one user, which increases the chances of getting feedback.

Reviews

As part of the identification process, you should have discussed with the owner when the document was created and, most importantly, when it will be reviewed next.

When creating policies, you will need to tell eramba when the policy was first published and when the next review will take place. This is very important, as eramba will create review records based on this future date, which could trigger notifications.

Policy Content Type

Your identification process should have clearly discussed where the actual content of the document will be stored. The content of the document can be defined in three ways:

  • Attachments (e.g. PDF, Word)
  • URL (e.g. SharePoint, wiki, Google Docs)
  • HTML Editor (built-in HTML editor)

Further changes to this tab (Version and Document Content) cannot be made from the Policy itself, only from its reviews. So if you want to change the version or the content of a document, you will need to create a new review. This is explained in detail in the coming episodes.

Policy Portal

If the policy portal is enabled, this tab will be shown, allowing you to choose whether the document should be made public on the portal or not.