| Home > Solutions > IT GRC > IT Governance and Policy > Control and Policy Mapping |
Control and Policy Mapping |
|
| Favorites |
 |
|
|
|
|
Policy management function plays a very critical role in IT Governance, Risk and Compliance process. Policy function sets the tone and direction of IT organization and helps in alignment with corporate objectives.
Policies and procedures can have inherent risks associated with execution at operations level. For example information security policy can define expected outcome of the policy and how users have to follow them to be compliant. However, isolated policies should be linked with risks and controls to enable real-time reporting on policy compliance. This enables organizations to view IT Governance maturity status and take necessary actions on proactive basis. Controls associated with polices can be automatically monitored for compliance and any weakness associated with them can be notified to the policy manager as "policy violation or non-compliance".
Key Benefits of MetricStream IT Governance Solution
- Define policies and bind with controls and risks to adopt a risk based approach in policy management
- Associate controls for frameworks such as Cobit, ITIL, ISO 38500 and ISO 27002 with policies
- Enable real-time control scorecard reports for a single policy or group of polices
- Enable real-time heat-map reports for frameworks and drill-down to find policy non-compliance issues
|
|
