Policy Management

Effectively managing policies, standards, and guidelines, and ensuring awareness about them is critical for good governance. The first thing regulators and auditors want to see is how an organization defines its adherence to requirements, and manages its policies and procedures.

MetricStream Policy Management Solution

MetricStream provides a flexible framework to streamline the creation and management of policies which, in turn, facilitates accountability and fosters communication. MetricStream Policy Management Solution enables companies to adopt an electronic and automated approach to the development, maintenance, and communication of policies and procedures across the enterprise.

The web-based system provides a central repository to store and organize policy and procedure documents. Integrated collaboration and workflow tools help access, create, modify, review, and approve policy and procedure documents globally in a controlled manner. Other advanced tools support policy implementation, acceptance, exception tracking, and mapping of policies to compliance requirements. A powerful analytics and reporting capability with graphical dashboards help track each policy from origin to obsolescence,giving managers complete visibility into the system to support a culture of governance.

Storing and Organizing Policies: The MetricStream solution provides a central repository for storing and organizing all types of policies based on various templates and classification criteria. Policies can be mapped to assets and asset classes,a revision history can be maintained, and a review period or obsolescence rules can be set for all policies. The solution allows multiple users across departments and functions to access and work on policy development simultaneously. It also supports versioning and check-in/ check-out for effective change control.

Creating and Reviewing Policies: The solution allows users to create a new policy, or change an existing one. Tasks for creating, reviewing, and approving policies and procedures are assigned based on roles and responsibilities along with due dates for completion. Using the solution’s collaboration tools, cross-functional teams as well as external users can review policies at the same time, andadd their comments and instructions which can then be routed for analysis as per the organization’s workflow and process map. Upon completion of the review and approval process, the policy is published to all relevant stakeholders with appropriate email notifications. A complete revision history is maintained, and review periods or obsolescence rules can be set for all policies and procedures.

Mapping Policies to Regulations: The solution enables tight integration between the policy and procedure repository and the compliance, risk, and control framework.Dynamic links and references are provided between the two, along with change controls and audit trails. When compliance activities such as a remediation or control re-design require changes in the policy documentation,users can seamlessly initiate these changes from within the compliance framework. The system also allows users to identify and record the impact of a policy change on the compliance program. The users responsible for design and execution of the affected control, evaluations, and tests are notified so that the required changes can be implemented.

Distributing and Accepting Policies: The solution’s built-in automatic notification and alert functionality with configurable workflows facilitates policy distribution and acceptance. The system provides the capability to configure and execute surveys, certifications, and self-assessments to manage policy distribution and acceptance among designated executives. It supports electronic sign-offs at departmental and functional levels which, in turn, rollup for executive certifications.

Tracking Policy Exceptions: Policy exceptions can be logged and tracked in the system through a comprehensive issue management mechanism. The solution enables companies to establish and follow consistent procedures for exception capture, reporting, task management, and status reporting. The solution also supports exception identification and evaluation as well as investigation and tracking, leading to an elaborate remediation or corrective action process. A powerful analytics and exception reporting functionality with graphical dashboards gives managers complete real-time visibility into policy related issues, and provides critical information for reducing the risk of non-compliance with policies.

Training and Awareness: The MetricStream solution simplifiesthe training of policies and procedures by bringing together a comprehensive content repository and a framework for training delivery and tracking. The solution ensures that training requirements are fully met and recorded from a compliance policy standpoint. It also provides employees easy access to a variety of training programs that map to various guidance documents, policies, procedures, regulations, and standards.

Reports and Dashboards: MetricStream Policy Management Solution provides complete visibility into the policy and procedure system, and enables easy status tracking. A transparent system, with each policy traceable from any desktop in the organization, makes policy and procedure management a predictable and efficient process. Graphical executive dashboards and flexible reports with drill-down capabilities provide statistics and data by a variety of parameters such as policy types, status, audit history, in-process documents, approval cycle times, usage summaries, and average review times.