Take a Portfolio Approach to Policy Management

Find the right balance between risk mitigation and operational efficiency.

Onsite Workshop

Approaching policy management in a reactive manner often results in:

  • Unnecessary exposure to risk
  • Risk of non-compliance with regulatory requirements
  • Low policy awareness and compliance among end users
  • Inadequate support of the business
  • Redundancies across policies, leading to wasted effort developing, maintaining, and policing policies

Following a formal portfolio approach to policy management will result in:

  • Higher policy awareness and compliance among end users
  • Improved risk coverage
  • Fewer redundancies across policies
  • Improved alignment with corporate policies
  • Decreased audit fines and recommendations

Module 1: Launch the Project & Assess your Risk Landscape

The Purpose

  •  Establishment of high-level policy management goals.
  • Creation of a policy management working group.
  • Definition of the policy management governance processes.
  • Identification and assessment of IT risks.

Key Benefits Achieved

  • Defined scope and purpose of the policy management working group.
  • Defined policy development process.
  • IT risks identified and assessed.

Activities: Outputs:
1.1 Getting started and identifying areas for improvement.
  • List of issues and pain points for policy management
1.2 Identifying key opportunity areas.
  • Set of six to ten goals for policy management
1.3 Establishing policy governance.
  • Amended Steering Committee Charter
  • RACI Chart
1.4 Documenting the process.
  • Documented policy development process
1.5 Identifying risk scenarios.
  • Ranked list of IT’s risk scenarios
1.6 Identifying risk events.
  • List of risks
1.7 Assessing risks.
  • Prioritized list of IT risks (simplified risk register)

Module 2: Create a Policy Action Plan

The Purpose

  • Map current and required policies to risk events.
  • Assess policy effectiveness.
  • Create a plan that identifies the required action, responsible party, required resources, and timelines.

Key Benefits Achieved

  • Policies are evaluated for their effectiveness.
  • A plan is created to address policy deficiencies.

Activities: Outputs:
2.1 Mapping policies to risks.
2.2 Assessing policies.
2.3 Creating an action plan.
  • Policy Action Plan

Module 3: Develop & Communicate Policies

The Purpose

  • Define the policy audience, constraints, and in-scope and out-of-scope requirements.
  • Draft policies.
  • Create a policy communication plan.

Key Benefits Achieved

  • Drafted policies.
  • A plan is created to communicate policies.

Activities: Outputs:
3.1 Drafting policies.
  • Drafted policies
3.2 Communicating.
  • Communication plan

Module 4: Monitor & Reassess the Portfolio

The Purpose

  • Select KPIs to provide insight into policy effectiveness.
  • Gain an understanding of how to drill down to the root cause of the problems when evaluating KPIs over time.

Key Benefits Achieved

  •  KPIs selected.
  • Knowledge gained on root cause analysis.

Activities: Outputs:
4.1 Selecting KPIs.
  • KPI tracking log
4.2 Evaluating trends in KPIs.

Workshop icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book a Workshop View Blueprint
GET HELP Contact Us
VL Methodology