Effectively Managing & Communicating Policies
[tabs style=”default”] [tab title=”Executive Summary”]
Policies are critical to the organization as they establish boundaries of behavior for individuals, processes, relationships, and transactions providing a critical foundation for governance, risk management, and compliance. Policies are critical in establishing expected behavior so the organization can reliably achieve objectives, manage uncertainty, and act with integrity. Policies, properly communicated and enforced, are a critical foundation for defining and shaping corporate culture. With today’s complex business operations, global expansion, and the ever changing legal, regulatory, and compliance environments, a well-defined policy management and awareness program is vital to enable an organization to effectively develop, communicate, and maintain the wide gamut of policies it needs to govern with integrity. Haphazard department and document centric approaches for policy and training management of the past compound the problem and do not solve it. It is time for organizations to provide a solid technology architecture to drive consistency and harmony across policy management, communication, training, and awareness. MetaCompliance is a GRC offering that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in dynamic and distributed environments. MetaCompliance is an integrated policy management, awareness, and training platform which ensures that policies are understood and employees are engaged through a cloud-based portal that addresses the intersection of policy management and employee awareness. The solution facilitates employee engagement and access to policies and corresponding awareness training from any device (e.g., workstation, tablet, mobile). GRC 20/20 has interviewed and engaged several MetaCompliance clients and finds that the MetaCompliance offering has helped them keep up with policy management and awareness in a way that is efficient, effective, and agile.
[/tab] [tab title=”Table of Contents”]
- Policy Management & Communication Demands Attention
- Hordes of Policies Scattered Across the Organization
- Inevitable Failure of Policy & Training Management
- Effectively Managing & Communicating Policies
- The Value of MetaCompliance
- Capabilities of MetaCompliance
- Considerations for MetaCompliance
- About GRC 20/20 Research, LLC
- Research Methodology
[/tab] [tab title=”Author”]
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.