Once information systems are entered and their corresponding controls approved, CyMetric provides policy documents that correspond to the overall company objectives as well as individual control family policies that define the controls that need to be implemented in order to attain company compliance objectives. This is the compliance playbook. When new information systems are added or modified, new information types are added or existing information types modified, if regulatory obligations change for systems in the compliance program, or if personnel change within the organization that have defined responsibilities assigned to them in CyMetric, the procedural documents should be regenerated to reflect the current state of the program.
Generate Procedural/Policy Documents
Click on Policies from the Auditing section of the Navigation area. The first time you go through this process, no policies/documents will be present. Click on the green Generate button from the top right corner of the page.
A pop-up window appears that initiates the workflow to create the documents. Click on the Begin button to initiate the document generation. Note that if you have previously generated policy documents, the version number of the documents is listed in the window identifying the incremental upgrade to the current version.
Enter the names/roles of the appropriate people that have the associated responsibility identified in the fields. Fields are populated with entries from the People module (Users or Contacts). Depending upon the organizational preferences, individual names or roles can be entered in these fields. The values that appear in these fields will appear in the output documents. They can also be adjusted or changed at any time.
Click on the Next button when finished with the data entry.
Enter the Policy Information on the next screen. Policy information refers to when the Policy or Procedures will go into effect, who the approver of the documents is and when the documents need to be reviewed and approved again. Click on the Next button when finished.
Users review the information entered on the previous screens before committing the information to the database. Use the Back Button to make any changes to the inputs. Click on the Generate Policy button if all the information looks correct.
A progress prompt appears indicating the program documents are automatically being generated in the background. This process may take a few minutes to execute as all of the controls and affiliated systems need to be compiled and included in the documentation. Users can perform other functions in CyMetric while this is happening. Click on the Done button to clear the dialog box.
A notification prompt will appear in the top right corner of the screen informing users that the process is completed. Click on the notification bell icon and click on Policy generation finished item.
Document references for each family of controls/functions populate on the screen. All documents will be listed as Pending since they have not yet been approved.
The learn how to Approve the generated policy and procedure documents, please see Approving CyMetric Policy Documents.