Define a GRC policy, standard, or standard operating procedure - Legacy

The tables for standards and standard operating procedures extend the Policy [grc_policy] table and provide the same information. The same procedure applies to defining a policy, a standard, or a standard operating procedure.

About this task

You can use standards and standard operating procedures to apply GRC policies to specific levels or scopes within an organization. For example, a scope can be an installation in another state that is subject to different regulations or a department that has to meet specific requirements.

Procedure

  1. Navigate to one of these locations:
    • GRC > Policies
    • GRC > Standards
    • GRC > Standard Operating Procedures
  2. Click New.
  3. Fill in the fields on the form, as appropriate.
    Field: Description
    Number: A unique number assigned to the KB article using Number Maintenance.
    Workflow: A stage field showing how far along the policy is in the drafting process.
    Article type: The type of markup used to write the article. Choices are HTML and Wiki.
    Attachment link: Indicator that, if selected, opens the attachment rather than the policy itself when the user selects the policy from the Knowledge Base.
    Image: An icon to appear next to the policy in the Knowledge Base.
    Pertinent: Indicator that determines whether a policy is relevant to your organization. By default, this check box is selected. Clear this check box to mark the policy as not pertinent to your organization and to prevent it from appearing in compliance reporting.
    Published: Date of publication.
    Valid to: The date after which the policy no longer appears in the knowledge base.
    Parent policy: Reference field identifying a policy that is a parent of this policy. You can establish parent/child relationships between policies, standards, and standard operating procedures (SOP).
    Compliance: [Read-only] Percentage of compliant control test instances associated with this policy.
    Non compliance: [Read-only] Percentage of non-compliant control test instances associated with this policy.
    Roles: The user roles required to see the article. If empty, everyone can see the policy. Once a role is entered, only users with the selected roles can see the policy.
    Short description: [Required] A unique description or title for this policy, standard, or SOP. The system displays this value for selection when you link policies to a GRC entity record in the Policies related list. Provide a clear description that differentiates it from other policies, standards, or SOPs.
    Text: The text of the policy, written in the markup language specified in Article type.
    Additional information: Information of any type that is pertinent to this policy.