IT Policy Management
Effectively managing IT policies, standards and guidelines and ensuring awareness is critical for good IT governance. The first thing regulators and auditors want to see is how an organization defines its adherence to requirements based on how policies and procedures are managed.
MetricStream provides a flexible framework to streamline creation and management of IT policies to facilitate accountability and foster communication. The policy management software solution enables companies to adopt an electronic and automated approach to development, maintenance, and communication of policies and procedures across the enterprise.
The web-based system provides a central repository to store and organize IT policy and procedure documents. Integrated collaboration and workflow tools can be used to access, create, modify, review, and approve policy and procedure documents globally in a controlled manner. Built-in tools support policy implementation, acceptance, exception tracking and mapping of policies to compliance requirements. The powerful analytics and reporting capability with graphical dashboards to track each policy from origin to obsolescence gives managers complete visibility into the system to support a culture of IT governance.
MetricStream IT Policy Management Software Solution
Storing and Organizing IT Policies: The MetricStream solution provides a central repository for storing and organizing all types of IT policies based on various templates and classification criteria with an automatic or user-defined numbering scheme. Policies can be mapped to assets and asset classes. Revision history is maintained and review period or obsolescence rules can be set for all policies. The solution allows multiple users across departments and functions to access and work on policy development simultaneously. The solution also supports versioning and check-in / check-out functionality for effective change control.
Creating and Reviewing Policies: The solution allows users to create a new IT policy or change an existing one. Tasks for creating, reviewing and approving policies and procedures are assigned based on roles and responsibilities along with due dates for completion. Using collaboration tools, cross-functional teams as well as external users can review a policy at the same time to add their comments and instructions, which can then be routed for analysis as per the workflow and process map. Upon completion of the review and the approval process, the policy is published to all relevant stakeholders with appropriate email notifications sent to a predefined distribution list or user groups. Complete revision history is maintained and review period or obsolescence rules can be set for all policies and procedures.
Mapping Policies to Regulations: The solution provides tight integration between the IT policy and procedure repository and the IT compliance, risk and control framework. This includes dynamic links and references between the two as well as change controls and audit trails. IT compliance activities such as a remediation or control redesign may require changes in the policy documentation and users can initiate document changes seamlessly from within the compliance framework. The system also allows users to identify and record any impact of a policy change on the compliance program. The users responsible for design and execution of the affected control, evaluations and tests are notified so that the required changes can be implemented.
Distributing and Accepting Policies: The built-in automatic notification and alert functionality with configurable workflows facilitates policy distribution and acceptance. The system provides the capability to configure and execute surveys, certifications and self-assessments to manage policy distribution and acceptance based on predefined templates and schedules for designated executives. It supports electronic signoffs at departmental and functional levels that roll-up for executive certifications.
Tracking Policy Exceptions: Policy exceptions can be logged and tracked in the system through a comprehensive issue management mechanism. The solution enables companies to establish and follow consistent procedures for exception capture, reporting, task management and status reporting. The solution supports identification and evaluation of exceptions as well as investigation and tracking leading to an elaborate remediation or corrective action process. The powerful analytics and exception reporting functionality with graphical dashboards gives managers complete real-time visibility into policy-related issues and provides critical information for reducing the risk of noncompliance with IT policies.
Training and Awareness: MetricStream provides powerful capabilities for enabling training and awareness of IT policies and procedures by bringing together a comprehensive content repository and a framework for simplified training delivery and tracking. The solution ensures that the training requirements are fully met and recorded from an IT compliance policy standpoint and provides employees easy access to a variety of training programs that map to various guidance documents, policies, procedures, regulations and standards.
Reports and Dashboards: The MetricStream policy and procedure management software solution provides complete visibility into the IT policy and procedure system with easy status tracking. A transparent system with each policy traceable from any desktop in the organization makes policy and procedure management a predictable and efficient process. Graphical executive dashboards and flexible reports with drill-down capability provide statistics and data by a variety of parameters like policy types, status, audit history, in-process documents, approval cycle times, usage summaries and average review times.
Its intuitive tools for collaboration, policy tracking, training, and mapping policies led us to select MetricStream.