TruAware: Policy Lifecycle Management
Business Objectives Met by TruAware:
TruAware Software-as-a-Service Description
Maintaining compliance and achieving risk management objectives is about more than implementing the right technical controls. It is also about defining appropriate policies and procedures and effectively communicating them to the employees who must follow them. Many organizations have not tackled this softer side of compliance and risk management with the same vigor with which they have implemented technical controls.
TruAware is a comprehensive policy lifecycle management solution that meets the following business objectives:
Establish and maintain appropriate policies, procedures, and standards
Establishing and maintaining policies, procedures, and standards typically involves stakeholders from multiple functions within the organization. Without a tool, managing this collaborative process can be challenging.
TruAware facilitates circulating draft policies for comment, collecting feedback, and designating a version as the ‘official’ version in active use.
Communicate policies, procedures, and standards to employees and contractors based on their job duties
Having a policy, procedure, or standard that no one reads is in some ways worse than not having one at all. While the organization may be able to meet the basic compliance objective of stating a policy is in place, it is exposed to more risk and liability since employees will routinely violate a policy they are unaware of or do not understand.
TruAware automates the policy communication process by allowing the organization to designate which user groups need to receive each policy, procedure, and standard. When users log in, they only see content relevant to their job description, making it more meaningful and encouraging utilization.
Train employees and test their comprehension
Often, policies are written in a style only lawyers could love. As a result, the content is unengaging and employees may not invest the time required to understand it. If a policy violation later occurs, the employee(s) involved may reasonably claim that they did not understand the policy, potentially compromising the organization’s legal position.
TruAware helps resolve this by providing the organization with an option to include training content for key policies. Training content can be configured to be optional or mandatory; when it is mandatory, an employee cannot accept a policy without first taking the required training module. If the organization wants a higher level of assurance that the employee has understood the policy, it can configure comprehension tests.
Maintain an auditable record of employee acceptance
To meet compliance requirements and reduce risk, an organization may require employees to formally accept/acknowledge policies, procedures, and standards on a periodic basis. In this case, the organization needs to have a central repository of employee acceptances and reporting to demonstrate compliance.
TruAware allows the organization to capture employee acceptance electronically. Additionally, it provides a central, web-accessible repository where all levels of management can view employee policy acceptance status.