
Effective Policy Management



PolicyDOC is a web-based software application to manage corporate policies and procedures, manage policy exceptions, report violations, and measure effectiveness of policies.

Using PolicyDOC, you can manage Information Security and other policies, procedures and policy exceptions. Any changes to policies become instantly available to the end-user population through an intuitive web-based interface. Users can view and search policies, submit exceptions and download updated policy documents straight to their desktop. The policy administrators get comprehensive reports about policy utilization and policy effectiveness.

Published in: Technology, Economy & Finance

  1. PolicyDOC POLICY MANAGEMENT PolicyDOC: Creating Business Value
  2. Good Policy Management
     • To write a good and effective policy, you need to:
       • Set policy objectives
       • Create a policy template to ensure all policies follow a standard format
       • Ensure there is accountability and a penalty for non-compliance
       • Estimate the policy implementation cost and get your budget approved
     • Good policies:
       • Require Executive Support
       • Must be created in consultation with all stakeholders
       • Must be realistic and achievable
       • Must be simple and accessible to all stakeholders
       • Must be flexible and implement an exception process
       • Promote open, predictable, and transparent business processes
     Copyright © 2009 – PolicyDOC LLC
  3. Writing Policy Templates
     • A policy template provides consistency to all policies in an organization and has the following:
       1. Scope
       2. Business Objectives
       3. Compliance Objectives, e.g. PCI, SOX, FISMA, etc.
       4. Policy Overview
       5. Policy sections and subsections
       6. Compliance to Policy
       7. Roles and Responsibilities
       8. References
       9. Revision History
       10. Definitions
       11. Appendices
     • Policy Sections (the red line above) is the main place to put policy rules, standards, and guidelines
     • Depending upon your requirements, you can add or remove some sections
  4. Not Enough: Create Business Value
     • Writing good policies is not enough. You must have a system to manage policies with the following capabilities:
       • You should be able to use policies to manage risk
       • Every stakeholder should have easy access to ALL policies at all times
       • There should be no version problem (out of sync syndrome). The system should allow all stakeholders to have the same policy
       • Stakeholders should be able to search for keywords in ALL policies
       • The system should be able to play a role in education and awareness
       • There must be a policy exception process
       • Can a policy be used to measure risk associated with hosts, systems, and projects? The system should ensure risk management and tracking
       • Can people report policy violations easily? The system should provide a way to handle violation reports
     • PolicyDOC is a system that enables you to create business value from your policies by providing the above facilities.
     • The next slides provide information about the PolicyDOC system
  5. PolicyDOC Exception Dashboard