| Closed Loop Content Lifecycle Management |
| Step by step orchestration of content lifecycle for policies, procedures, standards and controls, with virtual teams using voting and collaboration techniques to facilitate consensus |
| Features |
Benefits |
- Workflow manages life cycle to create, modify, draft, edit, review, approve, and publish content
- Imports existing policy documents from Microsoft Word which are parsed, mapped, and loaded into Polaris Knowledgebase
- Edits (i.e. track changes) integrated with Microsoft Word for content development
- Links custom content to regulations
- Publishes detailed instructions enabling IT operations to implement controls and processes
|
- Centralize the management process policy, procedure, and controls life cycle (PLM)
- Reduce cycle time for PLM, with an easy to update and maintain common system of record
- Align policy requirements with business objectives
- Increase quality to design relevant controls (many minds produces a higher quality result)
- Increase commitment and accountability of creators
- Use common taxonomy and definition of policy, procedures and metrics
- Notify users of policy changes by email
|
| Implementation Guidance & IT Risk
Controls and Audit Work Program |
| Role-based work program materials for
IT risk controls programs and audits, tied to relevant subsection of the customers Unified Governance Framework, containing work program, implementation guidelines, technology-build guidance and cookbooks |
| Features |
Benefits |
- Role-based work program materials published to support IT risk controls programs, assessments and audits, tied to relevant subsection of the customers Unified Governance Framework, containing work program, implementation guidelines, technology-build guidance and cookbooks
|
- Create IT Risk control and audit work programs based on content library
- Increase delegation, commitment, and accountability to all IT
risk and operations professionals, auditors and reviewers
- Use common taxonomy and definition of work materials, easily updated and maintained
|
| Automated IT GRC Management with Policy Web Portal |
| Web Portal used for communication and awareness of a published deliverable (policy, control, work program deliverable) that goes through a cycle of review and sign-off/acceptance, providing demonstration of due care and compliance to auditors |
| Features |
Benefits |
- Role-based access to content and reports so users see only what matters to them
- Published policies sent to targeted audience for review and (optional) sign-off
- Verification and tracking of end-user acceptance of published policies
- Components of policy (standards) are stored in a database, and assembled dynamically, then presented based by role, information classification and regulation
- Gap Analysis and traceability maps control objectives bi-directionally from regulatory and governance requirements to controls
|
- Distribute policy content via the policy awareness portal, and reduce exposure due higher awareness
- Demonstrate compliance and 'due care' to auditors through reports linking policies, standards, and controls relevant to specific regulations
- Increase commitment and accountability through a virtual, collaborative approach
- See an accurate picture through monitoring and tracking of policy acceptance
- Use Gap Analysis and traceability to demonstrate due care and completeness of
IT GRC coverage
|
