client login    languages

Policy Management System Helps You Put Old Policies Out to Pasture

Request A Demo of Our Ethics And Compliance Solution

Policy Management System Helps You Put Old Policies Out to Pasture

The third webinar we conducted with the Open Compliance and Ethics Group for the “Policy Management Illustrated” series dealt with proper measurement and evaluation. Our previous blogs from this series discussed best practices around policy communication and enforcement. In this series, we’re looking effective policy maintenance through measurement and evaluation. Last time we looked at the value of policy metrics. This time, we’ll discuss how policies should be updated and archived.

So what needs to happen to an old version of a policy when an update occurs? What about any policy data that had been gathered, like the metrics and audit trails around it?

If a policy has ever been on the books, it should be maintained in the system virtually forever. When policies are updated, obsolete versions should be catalogued in the system and retained. If an issue arises that occurred back when an earlier version of a policy was in force, you can find it and see what parameters and attestations existed for that policy at that time. Of course, archived versions of policies should be accessible only to the policy team; the organization at large should only be able to access the version currently in effect.

In a manual, document-based system, this is a nightmare. The old policy is just as important as the updated version. A robust policy management system allows you to track changes and versions to entire policies or even down to the level of specific sections within a policy.

The metrics and auditing information for those obsolete policies, just like attestations for policies now considered outdated, must also be maintained in that same system for the same reasons. Otherwise, you lose context for how that obsolete policy was used and enforced.

Michael Rasmussen summed it up really well in his Compliance Week article: “The audit trail is used to present evidence of effective policy management and communication and includes a defensible history of policy interactions on communications, training, acknowledgments, assessments, and related details needed to show the policy was enforced and operational.”

We really enjoyed working with GRC 20/20 and OCEG on these Policy Management illustrations and the roundtables discussions with the thought leaders in this area of the GRC world. It hopefully serves to inform organizations about the need for better policy management.

About the Author

John Peltier, Product Marketing Manager. John leads the product marketing efforts for The Network’s integrated governance, risk and compliance software suite and previously led the strategy and development efforts of our Policy Management and Learning Management Systems. He is an accomplished product professional, with over a decade of experience delivering solutions to business problems. He has spent three years in ethics and compliance, and previously spent nine years in healthcare.

Leave a Comment

We would be glad to get your feedback. Take a moment to comment and tell us what you think.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Awards & Certifications 2013 GRC 20/20 Technology Innovation Award 2013 TAG Top 40 Innovative Company 2012 IABC Gold Quill Award 2012 MarCom Award We self-certify compliance Safe Harbor Safe Harbor Certification SOC 2 Certification