Effective policy management and communication form the foundation of a robust Governance, Risk, and Compliance (GRC) program. Although many organizations have written policies and procedures in place, the real benefits come from an automated, centralized, and proactive policy management program. Without such a program, organizations could face policy violations which, in turn, could result in significant fines and penalties, as well as a negative reputational impact.
One of the keys towards building a strong and lasting brand with a unified set of values and vision is to adopt an enterprise-wide approach to policy and document management. Technology can add value by simplifying the policy management process, right from policy creation, to policy attestation, while also helping the organization manage the associated compliance risks.Download Fact Sheet
MetricStream Policy and Document Management App
The MetricStream Policy and Document Management App provides a comprehensive and flexible system to streamline and automate workflows across the policy and document management lifecycle. The app enables organizations to effectively develop and communicate policies to the whole enterprise, or to a specific audience.
Using the app, policy management teams can facilitate a systematic approach towards the creation, review, approval, and communication of policies and other key documents. The app’s federated data model simplifies the process of managing variations in policies at multiple organizational levels. It also helps integrate policies and documents in a central portal that can be accessed across the global organization.
The app brings policies to the front line - wherever they are. Employees can quickly search for relevant policies either from their intranet, chatbot, or any other operational system. This increases policy awareness and first line engagement. The app enables policies to be mapped to compliance regulations and controls, so that compliance gaps can be identified easily. In addition, graphical reports and dashboards provide real-time visibility into the policy and document management process. It also helps in managing policy attestations and exceptions in order to demonstrate policy compliance.
Why MetricStream Policy and Document Management App
Enables a systematic and simplified approach to policy management
Streamlines and strengthens consistency in policy management processes across business units, divisions, and global locations
Minimizes policy management redundancies and inefficiencies
Enhances efficiency by standardizing policy management workflows, including exceptions for each policy category (e.g. IT policies); minimizes redundancies by allowing policy templates to be created and reused with standardized sections and content
Improves Audit Readiness
Helps organizations understand the impact of regulations, risks, controls and exceptions on policies, and accordingly take steps to be audit-ready; provides quick access to all versions of policies at any particular time
Reduces the Risk of Regulatory Fines and Reputational Damage
Helps create policies based on the regulations that matter most, so that when a regulation changes, the associated policies can be quickly identified, updated, and distributed to the right employees - an approach that reduces compliance risks
Delivers an Advanced Search Functionality to Find Policies Easily
Simplifies the search for policy documents based on multiple attributes such as policy title, keywords, author, and creation date; supports intuitive filtering to help users narrow down their search results, and find the desired policy document quickly
Increases Policy Awareness
Helps communicate policies to employees through automated email notifications; enables employee attestations on policies to be easily tracked, reviewed, and linked to regulations as evidence of compliance
Supports Informed-Decision Making
Delivers a comprehensive and in-depth view of policy management processes through advanced reports and dashboards, enabling policy management teams to make informed decisions
M7 Platform Highlights
Engaging and Personalized User Experience
Makes policy management processes simple, context-sensitive, and personalized to each user; facilitates an intuitive and engaging user experience
Supports app configurations and extensions in an upgrade-safe and scalable manner through the MetricStream AppStudio configuration framework; helps the organization adapt to change quickly
Mobility and Layering
Provides a responsive interface that allows policy management processes to be managed across devices; leverages a REST API integration framework to layer policy management processes over heterogeneous IT systems and business critical infrastructure
Reporting and Analytics
Delivers powerful visualization tools and analytics to manage and monitor policy management trends, data relationships, and actions in real time across the extended enterprise
Lean and Robust Architecture
Is built on a lean, modern, scalable, and extensible architecture that enables the global digital enterprises of today to seamlessly scale up and support new users, while also adding new apps and solutions to meet changing organizational needs
The MetricStream Policy and Document Management App provides the following functionalities:
Access the latest policies through the app’s centralized policy portal, designed with a simple, modern, and easy-to-use interface. View a brief description of each policy before going through the details. Bookmark policies that require frequent reference, and browse through those that are most frequently accessed or have been recently published. Identify the latest announcements on policy or organizational updates. Note all policies that require attestations.
Quickly search for policies applicable to you from wherever you are with policy search widgets that can be plugged into your intranet, conversational chatbot or any other tool of your choice. Search for policies based on attributes, content, author, and other parameters. Configure additional criteria to save search results. The app's intelligent search shows up the policies that are related to the policy that is being searched for. The search also considers the related risk and compliance aspects. Mark policies and documents as favorites, enabling them to be accessed quickly. Browse policies and documents in a structured manner through a pre-defined hierarchy of categories and sub-categories.
Simplify policy creation and collaboration using the app’s built-in automated workflows. Create policies by entering general mandated information into the system (e.g. policy name, category, description, effective dates), and uploading an existing attachment. Alternatively, create the policy inline within the app itself by leveraging Microsoft word capability. Each section of the policy can be edited by using powerful features of Microsoft Word like advanced formatting and track changes. Define policy sections and sub-sections, and easily navigate between different sections using the inline editor.
Establish relationships between policies and compliance requirements, risks, processes, and controls. Create policy templates with a defined structure and content, and reuse these templates whenever required. Policy templates can also be edited using Microsoft Word. Define policy attributes including category, ownership, effective dates, review frequency, and attestation details. Add supporting documents and reference links.
Configure different workflows for different types of policies. Define multiple stages for each workflow, as well as the stakeholders involved and the policy routing options. Assign separate section authors and section approvers, if required. Trigger email notifications to relevant users to keep the policy creation process on schedule. Enable escalations when the due dates for policy review and approval are not met.
Policy-Mapping to Regulations
Strengthen compliance by linking policies or sections of policies to regulations, risks, controls, legal requirements, processes, and organizations. Identify the impact of regulatory changes on policies through the app’s integrated data model. Ensure that policy owners are notified when a regulation mapped to a particular policy is updated. Initiate the required policy changes, and send out automated email notifications and alerts to relevant users, indicating the changes.
Categorize the target audience for a policy based on their roles. Once the policy has been published and scheduled for distribution, send automatic notifications to the target audience. These notifications save time, and keep policy implementation processes on schedule.
Automate the policy retirement process with built-in, configurable workflows. Ensure that retired policies are locked against any edits, and stored in the app’s central repository for future reference. Bypass policy renewal triggers and reminders.
Trigger notifications for policies that require attestations. View attestation tasks on the policy portal. Define all users required to attest to the policies, and enable attestations only after the user scrolls through the entire policy document. Track the status and history of attestations through the app’s reports.
Review and Approval
Trigger policy review and revision cycles through automated notifications and task assignments. Collaborate with other users to review and approve policies or sections of policies. Simplify the review process by listing all policies and documents due for review and approval on the approver’s landing page. Enable reviewers and approvers to add their comments or feedback.
Reports and Dashboards
Monitor policy management activities in real time through a variety of configurable reports and online dashboards. Leverage drill-down capabilities to view policy related statistics based on different parameters such as policy type, status, audit history, in-process documents, average review and approval cycle time, and usage summaries, as well as the policy’s relationships with risks, regulations and controls
Request exceptions for policies directly from the policy portal. Specify the reason for the exception and the duration for which the exception is required. Provide supporting documents to justify the exception. During policy authoring, the exception approval workflow and other exception settings, including the maximum duration for the exception, can be defined for the policy.
Approvers can approve or reject the exception, or seek further clarification. They can also see how the policy (for which the exception is requested) is linked to the regulation, risks, and controls. The linkage gives a clear picture of the risks associated with the policy. Approvers can also provide a risk rating and business impact assessment for the exception.
Trigger notifications at every stage of the exception lifecycle, and track the status of the exceptions in the 'my exceptions' and 'exception list' reports that list all the exceptions requested against policies.