Discover more from PolicyCo’s Newsletter
Managing Policies A Better Way — With Articles PolicyCo
At PolicyCo, Articles are the building blocks of every document. Each Article has a name, sequence number, an author, related controls…
At PolicyCo, Articles are the building blocks of every document. Each Article has a name, sequence number, an author, related controls (more about that later), attachments, and, most importantly, content. We believe articles are a useful way to build your policies because they allow you to manage individual slices of a document in a non-linear way. Whether you create a new policy from scratch, manage an existing policy, or do an annual review, there are several benefits to managing your documents in this modular way.
When embarking on the policy writing process, there are times when a single author isn’t best suited to writing an entire policy. Whether this is due to a writer’s area of expertise or schedule, a collaboration between multiple authors is often helpful. Articles allow for individual authoring assignments within a policy. Articles dealing with technical aspects of a given policy can be assigned to members of the tech team, while more Articles with a more legal focus can be given to the legal team to write and edit. In some cases, it might be a good idea to assign multiple authors to a single Article.
Having a single policy made up of a collection of Articles allows for a more precise association of assets and information to each content block. There are multiple types of content associations that can be made to an Article. Procedures are the first type of content that can be attached to an Article. In most cases, a simple process for complying with a piece of a policy is required. For instance, if a Security Policy calls for changing passwords every 30 days, the associated Procedure would include the individual steps for making that password change. Regulatory controls can also be associated directly with an Article (e.g., GDPR, NIST, HITRUST, etc.). Adding individual controls to an Article makes future updates and compliance audits much easier due to the ability to search either by Article text or by Control. Finally, with PolicyCo, you can also attach files directly to an article. These attachments can range anywhere from screengrabs, documents, or video files.
One of the challenges when managing large policies is identifying which concept should be mapped back to a specific control. A policy can contain dozens of concepts. We refer to these concepts as articles. By dividing your policy into discrete articles, it’s much easier to make specific references to the relevant text.
The old way: Control abc.10 is tied to paragraph 5 of our Aquisition Assessment PolicyThe new way: Write the article and then link the control directly from the controls tab.
With Articles, you can write, review, approve, and publish your policies in a non-linear fashion. Due to how Articles are used to create policies within PolicyCo, an organization can post a policy for immediate use by the employees while continual incremental improvements are made to individual sections. When the author is happy with their work, they can submit their Article(s) to the project manager for review and publishing. Once approved and published, the Article seamlessly folds into the overarching document without additional formatting or styling. With this publishing process, updates can be made to the “live” document efficiently without interrupting the organization’s usage of the currently approved policies. An additional benefit of this type of architecture is the ability to version control specific sections within a document instead of having specific version numbers for an entire policy [althought, if that is your preference, it’s something you can do]. PolicyCo is the only online policy management tool that allows Article based organization. Other systems require that you enter policies as one large chunk. While this certainly is a straightforward approach, the tradeoff is that you will not have useful specificity for a given policy’s procedures, controls, and attachments. We feel really confident about the approach we’ve taken with Articles within PolicyCo and would invite you to try them yourself. Let us know what you think.
Originally published at https://policyco.io on January 30, 2020.