Information Security policies are the bedrock of all cybersecurity Compliance Certifications, Audits, and Assessments. Without a central system for documenting these policies, maintaining mappings to security controls, managing review cycles, approval workflows, and distribution, you will be spending countless hours in follow-ups and redundant work.
TABLE OF CONTENTS
Introduction to Policies
Management of policies and a list of policy templates can be found within ControlMap. You can upload custom policies or use one of the policy templates provided.
Creating Policies
- Go to Policies.
- Click on Add Policy.
- User can create multiple Policies from existing template at one time through Choose From Template.
- Start by naming the policy and choose how you want to manage the policy.
- Then upload or select a policy from a template
Create and manage templates under Policies
Using Policies
- Once you have added a policy the policy will appear in the policy list
- You can edit the policy directly within ControlMap
- You can assign the owner or an approver or invite a contributor
- Review date and interval can be set within the policy properties screen
- Map the policy to the appropriate control directly within the policy properties screen
- Optionally apply tags for organization