Best Practices in Effective Policy Communication & Awareness
The Three Lines of Defence is a popular framework for managing Governance, Risk Management & Compliance (GRC). In our first webinar on the Three Lines of Defence we explored the policy implications of the first line of defence – the front line employees. In this webinar we now explore the second line of defence, the risk, security, and policy owners and managers and their job in ensuring that policies are current and understood in the organization.
Continual growth of regulatory requirements, complex business operations, and global expansion demand a well thought-out and implemented approach to policy management that is governed by the second line of defence. In order to achieve effectiveness, efficiency, and agility in policy management, organizations need to define a structured governance framework and process. However, effectively managing policies is easier said than done. To consistently manage and communicate policies, the second line of defence is turning toward defined processes and technologies to govern policies and implement an effective policy management lifecycle.
This webinar focuses on how to effectively manage and govern policies and enable the second line of defense in your organization through effective policy oversight.
Attendees will learn:
- GRC and policy management in the context of the Three Lines of Defence Model
- How the second line interacts with the first and third lines of defense to protect the organization
- How to effectively manage and maintain policies in the organization
- Methods for second line employees to ensure that first line employees are aware of policies
- How technology can automate and enable the second line of defence
- Driving efficiency, effectiveness and agility into all three lines of defence
GRC 20/20 Presenter
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research. Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC), with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC”, being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
Metacompliance has been developing software and content for the compliance market since 2005. They recognize the difficulty of mitigating the liability and risk that arise from the mismatch between staff awareness and the threats and security decisions that need to be resolved.
The company has worked closely with their clients to deepen the usability and functionality of their products to assist with corporate governance and cyber threats as they evolved through compliance legislation and hacker sophistication. Initially they entered the market with their Policy Management system with its unique enforcement capability. However, getting attestation from staff needed to be underpinned by understanding, and that led them to develop their own Learning Management System (LMS) along with high-quality cyber security and compliance content.
Metacompliance is a privately held company that has been funded to deliver on its business goals. Metacompliance is a software development organization focused on delivering commercial off-the-shelf (COTS) software and eLearning content against their innovative product vision.