Quick Demo: Policy Management Software

Learn how Onspring helps you capture and document the critical policies, procedures and attestations in your GRC program.

Video Transcript: Policy Management Software Demo

Hello! Welcome to the demonstration of Onspring’s Policy Management Solution. With our policy management solution, you can document and capture all of your critical policies and procedures, manage key relationships to other critical elements of your GRC program, manage policy attestations and exceptions and report on the overall status of your policy program. Let’s get started.

Right now, we’re looking at the policies and regulations dashboard. A dashboard is the central entry point for most users coming into Onspring. Now what you can see on this dashboard, are a number of different objects, including our key metrics at the top here, that give us some information about various aspects of the policy. We have a number of objects here that will allow us to create or add content into Onspring or perform a search within a particular app.

We also have reports that present various aspects and statuses associated with the policy management program that you’re managing in the Onspring tool. For example, a user could log into a dashboard and start interacting with the information immediately. If I needed to know what my one expired policy exception was, I could click on this key metric, and Onspring’s going to take me directly into the policy that has expired exceptions. Let’s take a look at a policy as managed in Onspring, to learn a little bit more about what data is captured and how that data is leveraged.

Now we’re inside an Onspring content record, specifically a policy. You can see within the policy record that there’s a number of different data points that we have the ability to collect. Many of our clients will manage and capture all key aspects of their policy within a particular content record or within the policy content record, including things like the policy name, the statement, the purpose, and so forth. This would allow them to produce a deliverable using our dynamic document feature, to be able to capture the policy details within Onspring and use that information to produce a deliverable output that can be shared with all users within the system.

In this case, you also see policy sections. A policy section allows you to take your policy and break it down into more detailed components for purposes of tracking detailed information about the policy or understanding compliance status at all levels of the policy. Some clients choose to simply load their policy documents inside of Onspring or a related Onspring record to an external repository such as a SharePoint site, but they’ll still use the Onspring policy record as a way to present the policy in the context of their broader GRC program.

As we go to the regulations, risks, and controls tab, we can see some of those key relationships. In this case, this policy is related to regulatory information. It can be related to risks in the risk register, as well as internal controls and in virtually any other data point that you’re capturing within the Onspring solution. In the case of controls, you can see that we have a number of controls related to this policy. And by virtue of that relationship, we have the ability to produce information or additional statistics that basically demonstrate the policy’s overall compliance status.

Policy reviews can be performed, both initially upon creation of the policy, as well as on an ongoing basis. For instance, if someone were to propose a change to a policy, or you wanted to trigger an annual policy review process. Policy attestations allow you to capture confirmation from users that they have read and agreed to the policy. We leveraged this using policy attestation campaigns, which allows you to organize attestation efforts into time-based groupings. In this example, we could see we’ve got a campaign for Q2 of the year 2020 and within the individual policy attestations, we can identify the individuals in the organization who are required to attest to the policy and capture their attestation and the attestation date, which allows us to track compliance with due dates and with expectations in terms of the timely completion of attestations.

In the exception request tab, users can request an exception or approval to bypass a policy. Within an exception request, if we click on this exception request here, users can document the justification or the reason they need the exception, indicate the duration with which they want that exception to exist, and then relate the exception to any associated or impacted elements of the program. In this case, you see a policy in a control. They can obtain appropriate reviews and approvals from impacted management and policy owners, and they can also request extensions to their exception requests. So if an exception request is going to expire and the requester wants to extend an additional period of time to be granted that exception, they can ensure that those extensions are going through the same approval process as the initial exception did.

Going back to the policy, you also have the ability to retire the policy. Retire or reopen the policy. Onspring’s automation capabilities can be used to ensure that version history is captured any time a change is made to a particular policy. As we go back to the dashboard, I think it’s important to point out that Onspring has a very robust access control capability, using Onspring’s access rules, you can define the maximum level of access that any particular user is going to have in the Onspring system.

For instance, can a user create policies, read them and update them. To further refine that access control model, you can also introduce content security rules, which allow you to police conditions under which the users have specific rights within an app or within a content record. So if my role grants me update and read rights to a policy, I may want that user to only have read rights to the policy if they are not named as a policy owner or a policy delegate. This gives you the ability to create a very robust access model with which to manage your program.

I mentioned before, that you have the ability to search data within Onspring. If I use that policy search feature, I have the ability to search on a particular term within the policy’s app and Onspring’s going to go locate any policy records that match my search criteria.

To complete this demonstration, we’re landing back on the dashboard. A dashboard can be used to present information to varying users depending on who they are and what they need to do in the system. In this particular dashboard, we’re seeing an overview of the policy management program, whereas in another dashboard, for example policy center, we may present information in a different way so that the end user can consume it or a policy reviewer or a policy attestation can be monitored, in terms of which open attestations you have, which open exceptions you have, things that are pertinent to you as a specific user, or again, as a program level user.

Here at Onspring, we’re always willing to teach you more about our platform and how it might be able to help you. So please visit us at onspring.com to learn more about our product and our solutions. Thank you very much.