IT & Security Policy Program Management Use Case Design

The Policies application allows you to centralize corporate policy content, manage the review and approval process, and deliver policies to end users based on their job functions. The application provides a best-practice framework for creating, normalizing, and rationalizing policy content based on your corporate objectives and the authoritative sources that govern your business. All employees of an organization typically use this application.

Policies are defined as management instructions indicating a course of action to be taken or a guiding principle to be followed. They are typically presented as high-level statements that provide guidance to end users who must make present and future decisions.

The Change Requests application allows users to recommend changes in Policies, Control Standards, Control Procedures, Process Narratives, Evidence Repository, Remediation Plan and allows extensions of Exception Request, based on reviews from threat assessments, regulatory news, and issues found during the Audit, Compliance and Risk Management process.

The Authoritative Sources application allows you to centrally manage standards, regulations, laws, and requirements and map them to the policies and control standards for rationalization purposes. The authoritative source repository provides you with a meaningful understanding of what guides and governs your business, and allows you to formulate policies appropriately to aid in demonstrating regulatory compliance.

The Corporate Objectives application tracks strategic, operational, reporting, and compliance objectives as they relate to company policies and risks. Key Performance Indicators allow the corporation to track its progress with regard to meeting these objectives.

The Control Standards application serves as a central repository for authoring and displaying corporate standards that are mapped to policies, authoritative sources, and control procedures. You can also assess the criticality of control standards based on the objectives and regulations they support and any known control weaknesses. Additionally, the application provides an overall compliance rating for each control standard based on testing performed against related control procedures.

The Business Processes application captures the base data for a given process. A process may be assigned to a particular business unit or shared across multiple business units. A business process may also be referenced to one or multiple products or services. The application enables you to track the business processes personnel, criticality, recovery time objective (RTO) and ITIL category, and associate it with other aspects of the enterprise infrastructure.

Note: The Business Processes application is included in the Enterprise Catalog package.

The Contacts application serves as a central repository for contact information, is utilized across multiple areas of Archer, and contains information that is often leveraged by other use cases. Updates to a profile record within this application automatically propagate in any records with displayed contact information.

Note: The Contacts application is included in the Enterprise Catalog package.

The Business Unit application provides a detailed view of all activities related to the specific business unit.

Note: The Business Unit application is included in the Enterprise Catalog package.

The Company application stores general, financial, and compliance information at the company level. Combined with the Division and Business Unit applications, this application supports roll-up reporting of governance, risk, and compliance initiatives across the enterprise.

Note: The Company application is included in the Enterprise Catalog package.

This role serves as the administrator for the use case.

This role provides create, read, and update access to Policies, Control Standards, Authoritative Sources, Change Request, Findings, Primary Controls, Control Procedures, Question Library, and Corporate Objectives.

It also provides create, read, and update access to Exception Requests for reviewers in the Exception Request process.

This role provides create, read, and update access to managers.

This role provides create, read, and update access to business process owners.

Used to review policies and control standards, create change requests, and track exception requests (if Issues Management is licensed).

This dashboard provides policy management related charts and quick links.

Report is invalid.

Report is invalid.

Report is invalid.

Report is invalid.