Taking Your Documents from Static to Dynamic
Dread reporting audit findings or vendor risk acknowledgments at the end of every month, quarter, or year?
Well, dread no more. Rather than fret over static version control or tedious manual updating, Onspring’s powerful dynamic documents feature solves your reporting woes. And it was built with you in mind—to make updating reports and communicating data lightning-fast.
Here, we’ll walk you through how you can use dynamic documents to provide your stakeholders with exactly the right information in the format they prefer.
What is a dynamic document?
A dynamic document is a type of “living document” that downloads the latest data from Onspring and formats the content into your desired template. Data included in a dynamic document includes both text and reports with charts, graphs, maps, and tables.
Dynamic documents are incredibly powerful because you can aggregate data and report across several teams and GRC programs in one branded file by the click of a button. Simply select ‘generate dynamic document’ and you receive a polished, branded report in Microsoft Word or Adobe PDF file formats.
No matter which Onspring products you use – risk, compliance, audit, business continuity – Onspring software centralizes your data to make reporting fast and convenient.
The dynamic documents feature leverages your fixed content to create one cleaned-up report file that you can regularly update and share with internal or external stakeholders.
Customize your report template to organize content for unique audiences.
You don’t have to manually change the content for each stakeholder during every reporting period – you can use separate templates for each audience type. This creates serious time savings for yourself and accurate information for your audience.
Dynamic documents can also include brand elements, like your logo, fonts, and brand colors, so that it looks like it was produced in conjunction with your marketing team.
Not only can you tailor dynamic documents to your stakeholders’ needs, but you can also proactively send the report to those who need it when they need it. Send dynamic document reports for daily, weekly, monthly, quarterly, or ad hoc distribution.
By scheduling and embedding a dynamic document into an email, your audience receives the report in the simplest way possible.
How and when should you use dynamic documents?
Dynamic documents are a great resource for any reporting need, but we want to unpack three great use cases to highlight this powerful feature’s benefits.
1. Use dynamic documents for smarter & faster vendor reviews
Goal: Apply real-time vendor risk insights to contract negotiations
- Information security
Dynamic documents create the perfect reports to share information about third parties with whom your organization is contracting business. The feature gathers information and data from assessment responses to produce an easily consumable report for multiple teams to action against.
As you work across teams to intake vendors and conduct risk assessments, all questionnaire responses populate in real-time in Onspring. This instant data provides immediate visibility into potential risks and helps your teams make faster decisions regarding vendor onboarding approvals.
During a detailed information security review for all new vendor requests, your team can flag individual responses from an assessment to discern approval acceptance or exceptions. For example, if a vendor is requesting a high level of access to sensitive data or access to privileged accounts, a trigger can be set for the vendor risk analyst to review in detail which access points are needed, for how long, who has access, and the implications to not granting access.
Access request information from this example would be shared with the vendor management team and business owner to discuss if and how to proceed with the vendor. If the vendor is accepted based on certain conditions being met during the contracting process, Onspring can automatically provide specific legal clauses to insert into the contract.
Benefit to this review process in Onspring: If the inherent risk is identified prior to working with that vendor, your organization can account for it beforehand by negotiating your contract to add more coverage or adjust their access to data.
See the step by step guide of how this information would appear in Onspring for vendor management, information security, and legal teams to review in tandem.
Vendor Type Field Determines Access Level to Data
Results from Risk Assessment on New Vendor Request Flag Risk Rating
Risk Rating Triggers Legal Clauses to Insert into Contracts
Using a dynamic document, the vendor risk analyst can then suggest specific legal clauses to insert into contracts based on what is needed for the vendor to conduct their services and what your organization needs to maintain your risk thresholds.
Dynamic Document Output Based on Vendor Risk Assessment Score & Legal Clause Requirements
These automated reports save vendor risk analysts, information security, and legal teams tremendous time and effort while simultaneously producing customized data in a clear, professional format. It’s a small automation that improves the ability of multiple teams to take appropriate actions to manage risks and improve organizational performance.
2. Communicate company policies for approval before public distribution
Goal: Streamline policy communication for adherence
- Business units
Whether you have a new policy or a new review process, creating a dynamic document is key to facilitating this change smoothly. We know how difficult it is to maintain layers upon layers of data policies with static reports. Dynamic documents allow users to easily identify, reference, and update specific policy data as needed.
To produce a final deliverable, dynamic documents pull specified policy information, the policy itself, and any related controls into a polished document that can be issued in a designated cadence or for specific individuals.
The goal here is to align organizational groups and policies before approval and public distribution. And there are often many groups involved: policy, legal, information security, and the advisory board. With dynamic documents, you’ll have more efficient and effective policy processes, better and faster data sharing, less margin for errors, and consistent communication across groups.
3. Use dynamic documents to produce ESG disclosures
Goal: Consistent ESG communication to internal and external stakeholders
- HR & DEI
- Vendor management
- Information security
Let’s say you want to communicate your company’s Environmental, Social, and Governance (ESG) strategy and its progress. Materiality assessments are likely created at this stage, so Onspring is housing scoring and ratings for each assessment process. Dynamic documents capture this current information, along with any identified risks, opportunities, or remediation/mitigation plans, and organize them into a formal document. Your dynamic document templates create consistency in your ESG status reporting.
Dynamic documents make it more sustainable to keep ESG info up-to-date and accurate in circulation. Consistent language and reliable standards mapping mean only that you can quickly point out changes rather than create a new reporting document every time.
Dynamic Document Best Practices
Overall, dynamic documents can significantly improve communications by providing stakeholders with real-time updates and streamlining report processes. By using dynamic document automation, team can increase efficiency, reduce risk, and improve overall business performance.
That said, there are a few tips for using dynamic documents in Onspring successfully.
- Use triggers and outcomes to auto-generate dynamic documents. Based on logical conditions, Onspring can be triggered to create your final deliverable. Be sure to use the preview feature to test before enabling a document.
- Define who can generate dynamic documents. You may not want all users to have dynamic document capabilities. You can limit document generation by role, say only managers, to produce documents.
- Remember: End users without access to private fields receive redacted data. So, you’ll want to think about what information you’re putting in your dynamic documents and who has access to what. You can override the setting in the document configuration or you can choose to include only public fields.
Actionable insights we think you’ll like
Cybersecurity Insurance Policies Explained
Learn the essential elements of a cybersecurity insurance policy and what the implications are for information security experts.
Best Practices for Cybersecurity Insurance Compliance
Get tactical advice to stay compliant with your cybersecurity insurance policies from information security experts.
Taking Your Documents from Static to Dynamic
Learn how your GRC teams can create polished and branded Microsoft Word or PDF reports for automated distribution internally or externally.