Information Security policies are the bedrock of all cybersecurity Compliance Certifications, Audits, and Assessments. Without a central system for documenting these policies, maintaining mappings to security controls, managing review cycles, approval workflows, and distribution, you will be spending countless hours in follow-ups and redundant work.


TABLE OF CONTENTS




Introduction to Policies

Management of policies and a list of policy templates can be found within ControlMap. You can upload custom policies or use one of the policy templates provided.


Creating Policies

  1. Go to Policies.
  2. Click on Add Policy.
  3. User can create multiple Policies from existing template at one time through Choose From Template. 
  4. Start by naming the policy and choose how you want to manage the policy.
  5. Then upload or select a policy from a template


Create and manage templates under Policies 


Using Policies

  1. Once you have added a policy the policy will appear in the policy list
  2. You can edit the policy directly within ControlMap
  3. You can assign the owner or an approver or invite a contributor
  4. Review date and interval can be set within the policy properties screen 
  5. Map the policy to the appropriate control directly within the policy properties screen 
  6. Optionally apply tags for organization