The Policies and Procedures module contains overview and detailed information related
to policy approvals, policies, and policy statements.
OverviewThe Policies and Procedures Overview is
contained in the Policies and procedures module and provides an
executive view into compliance requirements, overall compliance, and compliance breakdowns so
areas of concern can be identified quickly. Users with the Compliance Administrator and
Compliance Manager roles view the Policies and Procedures Overview.
Table 1. Policies and Procedures Overview reports in the base system
||Displays the overall compliance of all the controls in the system.
||Displays a breakdown of controls, grouped by owner, category, or
||Displays the total number of controls related to each policy. The chart is
stacked to display overall control compliance status for each policy.
|Control Issues by Policy (Opened Date)
||Displays the number of control issues opened each week, grouped by
||Displays a list of control issues that have been closed with a response value
of accept, meaning the issue was not remediated.
|Total Policy Statements by Policy
||Displays a count of the overall number of policy statements in each policy.
The chart is stacked to display policy statements by type.
My Policy Approvals
My Policy Approvals is contained in the Policy and
Compliance module and contains all policies requiring your approval. Policies
go through an approval process. Compliance managers set the length of time that policies are
valid, ensuring that the team reviews the policy often to affirm its validity. Policies have
a type, such as a policy, procedure, standard, plan, checklist, framework, or template.
Compliance managers catalog and
publish internal policies that define a set of business processes, procedures, and or
catalog the policy statements and generate controls from those policy
Policy statements only reference a single policy, although they can cover multiple
citations from different authority documents. They can be organized into
Note: UCF refers to policy statements as Controls. When UCF is data
is imported, controls are imported into the policy statements table.