Creating a Policy
How to create items in the Policy module
Introduction
Policies can be created one by one using the Web Interface (Actions / Add) or multiple Policies can be imported at once using CSV Imports. In this episode, we will review how policies are created using the web interface and which fields on the form are particularly important.
Before creating documents please make sure you have reviewed this course in detail from the beginning.
Title and Description
The title and description of the document are of course important and most times simply reflect the current name of the document plus some description.
Policy Roles
This is very important to do well, your identification process should have clearly set an owner (Policy Reviewer Contact) for the document you are creating. In the policy module, you have two roles:
- GRC Contact: the person who has an interest in the document to be created in eramba since it addresses a problem
- Policy Reviewer Contact: the team responsible for writing the document and reviewing its content at regular intervals. For example, if the document is a “Network Diagram,” the collaborator could be the “Network Team"
Is very important you have a systematic approach to these roles because you will be using notifications and you want the right people to receive them. We also typically advise the use of groups (as opposed to users, as shown in the screenshot above). Groups can contain more than one user ensuring more chances of getting feedback.
Reviews
As part of the identification process, you should have discussed with the owner when the document was created and most importantly when it will reviewed next time.
When creating policies you will need to tell eramba when the policy was first published and when the next review will take place. This is very important as eramba will create review records based on this future date which could trigger notifications.
Policy Content Type
Your identification process should have clearly discussed where the actual content of the document will be stored. The content of the document can be defined in three ways:
- Attachments (e.g. PDF, Word)
- URL (e.g. SharePoint, wiki, Google Docs)
- HTML Editor (built-in HTML editor)
Further changes to this tab (Version and Document Content) can not be done from the Policy itself but from its reviews. So if you want to change the version or the content of a document you will need to create a new review. This is explained in detail in the coming episodes.
Policy Portal
If the policy portal was enabled this tab will show allowing you to choose if the document should be made public on the portal or not.
Playlist
- Episode 1Introduction to the Policy Module8 mins left
- Episode 2Problem vs. Solution Principle5 mins left
- Episode 3Policy Related Modules1 min left
- Episode 4Typical Policy Questions3 mins left
- Episode 5Policy Portal1 min left
- Episode 6Identifying Policies4 mins left
- Episode 7Creating a Policy2 mins left
- Episode 8Reviewing Policies7 mins left