GRC 20/20 interacts with a lot of organizations as they evaluate solutions for policy and training management. As the only analyst firm that breaks this functionality out as its own segment of the broad Governance, Risk Management, and Compliance market, we have identified over 100 solutions that do policy and training management. Many of these are very niche and just focus on policies in a specific department or a specific industry, while several are what can be implemented for a consistent enterprise policy management program across the organization.
With an RFP requirement database of over 200 requirements for policy management solutions/platforms, GRC 20/20 breaks the market into basic, competitive, and advanced solutions. Interactions have included working with organizations of all sizes to assist them in their policy management RFPs. This includes a global organization that engaged GRC 20/20 for our RFP requirements in enterprise policy management to evaluate solutions to manage policies in 8 languages to over 160,000 employees across the organization. I have recently been interacting with one global bank as they build their business case for enterprise policy management and look to move forward with an RFP. But interactions also include inquiries with small and mid-sized organizations looking for policy management solutions.
I bring this experience to the table to provide background on the breadth of involvement of GRC 20/20 Research in policy and training management solutions available in the market. The reason is that I want to highlight some of the drivers and trends on how this has changed and what I see organizations are looking for now in the next generation of policy and training management. These can be divided across the following three areas:
- Back-office of policy management. Organizations are looking for that solution that enables the policy management lifecycle from the authoring, approval, communication plans, tracking, monitoring, metrics, and maintenance of policies. One of the key elements I see here that organization are looking for is the collaborative authoring environment. Organizations are looking for that next generation portal that allows multiple authors and editors to be in the document at the same time in a web interface. They want to move away from the document check in and check out approach as that is the old generation of technology and provide real-time collaboration and authoring/editing. There is also a need to manage policies in the context of regulatory change, particularly in financial services and integrate regulatory change and policy management processes. Organizations also desire the ability to manage exceptions, deviations, policy related form development and workflow (e.g., disclosures), and built communication and awareness campaigns on policies.
- Front-office policy and training engagement. Organizations are looking for solutions that are highly intuitive, engaging, and interactive (see graphic above). They want to bring policy and training together into the same portal. Every month I get inquiries from organizations that say their users, particularly millennials, go out to Facebook and can watch a video in Facebook, they don’t have to go out too YouTube to watch a video. That is the way modern technology works and what the want in the next generation policy and training portal. to bring together policy and training/eLearning/LMS into the same portal. They also want portals that are mobile that work on tablets and smartphones. In fact, I have had conversations with several firms that want to use tablets as policy and training kiosks as the bulk of their employees do not have computers issued for work (e.g., retail, hospitality, manufacturing). Intuitive, engaging, and interactive experiences are essential for the policy portal.
- Defensible compliance. One of the primary drivers for policy management solutions in the market is to provide a defensible system of record for all policy interactions from the back-office to the front-office. Regulatory challenges such as UK SMCR, US DOJ Guidelines, US Sentencing Commission Guidelines, US FCPA and more dictate that organizations have operational compliance that is more than paper and are driving compliance programs that include policy and training management. They need a record of activity on what policies were active at what time, who accessed policies, was trained on them, made aware of them. Documents, spreadsheets, and emails do not provide a defensible system of record and organizations are turning toward purpose built compliance and policy/training management platforms to provide this.
This is just scratching the surface on what organizations are looking for and considering in policy and training management solutions. There is a lot more, but this summarizes the general trends in three directions. The ultimate goal is to enable an organization of integrity that can demonstrate that values, ethics, commitments, and boundaries are clearly understood, communicated, and followed. And when they are not the organization takes action. Policies are critical governance documents that cannot be managed haphazardly.
Upcoming Policy Management Workshop
- Policy Management by Design, London, June 13
- Policy Management by Design, New York, October 24
Key Research on Policy Management Strategy
On-Demand Policy Management Research Briefings
Published Research on Policy Management – Strategy Perspectives
- Benchmarking Your Policy Management Program
- Policies, The Last Mile of Risk Management: The Relationship Between Risk and Policies
- Technology Priorities for Compliance & Ethics: Aligning Technology to Changing Requirements
- Regulatory Change Management: Effectively Managing Regulatory Change in Financial Services