Archive | Policy & Training Management Solutions


Improving Policies Through Metrics

It is unfortunate that many policies are written and then left to slowly rot over time. What was a good policy five years ago may not be the right policy today. Those out-of-date but still existent policies can expose the organization to risk if they are not enforced and complied with in the organization. Effective […]

Continue Reading 0
Screen Shot 2018-05-17 at 9.19.26 AM

Policy Management Requires Attention

Policies: A Foundation in GRC Strategies Policies are critical to organizations as they establish boundaries of behavior for individuals, processes, relationships, and transactions. An organization must establish policy it is willing to enforce – but it also must clearly train and communicate the policy to ensure that individuals understand what is expected of them. GRC, […]

Continue Reading 0
policy forest

Critical Capabilities & Considerations for Evaluation of Policy & Training Management Platforms

I get a lot of inquiries from organizations looking for policy management platforms. Some for a department focused need (e.g., IT security, health and safety, Human Resources), others for a regulatory need (e.g., GDPR, FCPA), but most for an enterprise policy management strategy spanning the organization as it attempts to gain control of a Wild […]

Continue Reading 0

How to Purchase Policy & Training Management Platforms

Organizations often lack a coordinated enterprise strategy for policy development, maintenance, communication, attestation, and training. An ad hoc approach to policy management exposes the organization to significant liability. This liability is intensified by the fact that today’s compliance programs affect every person involved with supporting the business, including internal employees and third parties. To defend […]

Continue Reading 1

GRC Archetypes: Policy Management

Policy management is the capability to establish, manage, monitor, and enforce policies to reliably achieve objectives, while addressing uncertainty, and act with integrity across the organization (adapted from the OCEG GRC definition). Policies are critical to the organization to establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy of all policies – […]

Continue Reading 0
Hand sketching Effort-Results graph with black marker. Minimum effort, maximum results.

Benefits of a Policy & Training Management Strategy and Architecture

The organization requires a policy and training management architecture that is context-driven and adaptable to a dynamic and changing environment. Compared to the ad hoc method in use in most organizations today, a policy and training management architecture enables better performance, less expense, and more flexibility.  Core technology capabilities to consider a policy management program […]

Continue Reading 0
Policy Capabilities

Policy Management Information & Technology Architecture

Policy & Training Management Information Architecture The policy and training management information architecture supports the process architecture and overall policy and training management strategy. With processes defined and structured in the process architecture, the organization can now get into the specifics of the information architecture needed to support policy and training processes. The policy and training […]

Continue Reading 0
Effective Policy Mgmt Lifecycle

GRC 20/20’s Effective Policy Management Process Lifecycle

The policy and training management strategy and policy is supported and made operational through the policy and training management architecture.  The organization requires complete situational and holistic awareness of policies and related training across operations, processes, employees, and third party relationships to see the big picture of policy and training performance and risk. Distributed, dynamic, […]

Continue Reading 0

Developing a Policy Management Strategy

Organizations need a coordinated cross-department strategy for managing policies and training programs across the enterprise.  The goal is to develop a common framework and approach so that policies and training are understood and managed as an integrated whole rather than a dissociated collection of parts. Policies and training programs that are managed as dissociated documents, […]

Continue Reading 0
hydra and policies

Policy & Training Management Demands Attention

The Foundational Role of Policies in GRC Strategies Policies are critical to the organization as they establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy of all policies – the code of conduct – they filter down to govern the enterprise, divisions/regions, business units, and processes. GRC, by definition (, […]

Continue Reading 0