Policy Program Management Use Case Design

This topic explains the Policy Program Management use case design.

Architecture Diagrams

The following diagram shows the relationships between the applications in the Policy Program Management use case.

Figure: Policy Program Management use case architecture

Applications

The following table describes the use case applications.

Component

Description

Policies

The Policies application allows you to centralize corporate policy content, manage the review and approval process, and deliver policies to end users based on their job functions. The application provides a best-practice framework for creating, normalizing, and rationalizing policy content based on your corporate objectives and the authoritative sources that govern your business. All employees of an organization typically use this application.

Policies are defined as management instructions indicating a course of action to be taken or a guiding principle to be followed. They are typically presented as high-level statements that provide guidance to end users who must make present and future decisions.

Control Standards

The Control Standards application serves as a central repository for authoring and displaying corporate standards that are mapped to policies, authoritative sources, and control procedures. You can also assess the criticality of control standards based on the objectives and regulations they support and any known control weaknesses. Additionally, the application provides an overall compliance rating for each control standard based on testing performed against related control procedures.

Authoritative Sources

The Authoritative Sources application allows you to centrally manage standards, regulations, laws, and requirements and map them to the policies and control standards for rationalization purposes. The authoritative source repository provides you with a meaningful understanding of what guides and governs your business, and allows you to formulate policies appropriately to aid in demonstrating regulatory compliance.

Change Requests

The Change Requests application allows users to recommend changes to Policies, Control Standards, Control Procedures, Process Narratives, the Evidence Repository, and Remediation Plans, and to request extensions of Exception Requests. Such changes are typically driven by the results of threat assessments, regulatory news, and issues found during the Audit, Compliance, and Risk Management processes.

Business Processes

The Business Processes application captures the base data for a given process. A process may be assigned to a particular business unit or shared across multiple business units. A business process may also reference one or more products or services. The application enables you to track a business process's personnel, criticality, recovery time objective (RTO), and ITIL category, and to associate the process with other aspects of the enterprise infrastructure.

Note: The Business Processes application is included in the Enterprise Catalog package.

Contacts

The Contacts application serves as a central repository for contact information, is utilized across multiple areas of Archer, and contains information that is often leveraged by other use cases. Updates to a profile record within this application automatically propagate to any records that display that contact information.

Note: The Contacts application is included in the Enterprise Catalog package.

Corporate Objectives

The Corporate Objectives application tracks strategic, operational, reporting, and compliance objectives as they relate to company policies and risks. Key Performance Indicators allow the corporation to track its progress with regard to meeting these objectives.

Business Unit

The Business Unit application provides a detailed view of all activities related to the specific business unit.

Note: The Business Unit application is included in the Enterprise Catalog package.

Company

The Company application stores general, financial, and compliance information at the company level. Combined with the Division and Business Unit applications, this application supports roll-up reporting of governance, risk, and compliance initiatives across the enterprise.

Note: The Company application is included in the Enterprise Catalog package.

Division

The Division application represents the intermediate unit within the business hierarchy: a layer below the high-level company and a layer above the individual business unit. You can use this application to further document the relationships within your business and to measure the effectiveness and compliance of individual divisions within the enterprise.

Note: The Division application is included in the Enterprise Catalog package.

Access Roles and Record Permissions

The following table describes the use case access roles.

Access Role

Description

PM: Admin

This role serves as the administrator for the use case.

PM: Management Review

This role provides create, read, and update access to Policies, Control Standards, Authoritative Sources, Change Request, Findings, Primary Controls, Control Procedures, Question Library, and Corporate Objectives.

It also provides create, read, and update access to Exception Requests for reviewers in the Exception Request process.

PM: Manager

This role provides create, read, and update access to managers.

PM: Owner

This role provides create, read, and update access to business process owners.

PM: Read Only

This role provides read access to Policies, Control Standards, Control Procedures, Authoritative Sources, and Corporate Objectives.

Note: For detailed, page-level access rights, see the Data Dictionary.

The following table describes specific roles (fields) within the Policy Program Management applications. These fields may correspond to different members of the team depending on the actual nature of the policies or standards. As part of the implementation process, these roles should be designated.

Role     | Description
Approver | Used to review policies and control standards, create change requests, and track exception requests (if Issues Management is licensed).
Owner    | Used to create, read, and update corporate policies, control standards, authoritative sources, and regulatory information.

Dashboards

The following table describes the use case dashboards.

Dashboard         | Description
Policy Portal     | This dashboard provides policy management related charts and quick links.
Governance Portal | This dashboard helps to govern policy program management activities.

The following tables describe the reporting limitations for each dashboard in this use case.

Without the Issues Management use case

The following table describes the reporting limitations of both dashboards without the Issues Management use case licensed.

iView                | Use Case Reporting Limitations
Policy Violations    | Report is invalid.
Policy Exceptions    | Report is invalid.
Open Policy Findings | Report is invalid.
Expired Exceptions   | Report is invalid.
Exceptions Summary   | Report is invalid.

Without the Key Indicator Management use case

The following table describes the reporting limitations of the Governance Portal dashboard without the Key Indicator Management use case licensed.

iView                                                                     | Use Case Reporting Limitations
Corporate Objectives Key Performance Indicators Current Status by Category | Report is invalid.

Without the Risk Register application

The following table describes the reporting limitations of the Governance Portal dashboard without a use case that contains the Risk Register application.

iView                                          | Use Case Reporting Limitations
Corporate Objectives By Category with High Risks | Report is invalid.

Use Case Workflow

The following diagram illustrates the out-of-the-box process flow for managing a policy program using the use case.

Figure: Process flow for managing a policy program