What Policy Management Insights Can We Learn During COVID-19?
In their response to COVID-19, organizations are now well into the routine of staff working from home, and maintaining their business as usual as far as possible. Their focus is to look after their staff, their customers, and their critical resources. But how has the pandemic affected policy management?
Many organizations are beginning to take stock of what business processes and service have transitioned smoothly, and where there have been challenges. Despite everyone’s best efforts, there will be lessons to be learned and applied, especially in a post-pandemic environment where new sets of expectations and assumptions may prevail.
To help organizations review their initial responses, Mitratech recently held a webinar – Navigating Chaos with Michael Rasmussen – featuring the well-known GRC20/20 industry analyst, as well as Henry Umney, Commercial Director at Mitratech. They reviewed how organizations have responded to the pandemic outbreak, what lessons are being learnt, and what best practices might be applied to address them.
Policy management as part of a governance framework
Michael and Henry both agreed that policy management is a well-established part of a complete governance framework, which helps businesses manage a host of activities, from risk management, health and safety, HR, IT security and much more besides. However, from their many conversations with industry practitioners, COVID-19 has highlighted several common issues for businesses.
The first issue they highlighted was that the pandemic has shown how interconnected many company policies are. A change to the HR policy, allowing long-term working from home, can, in turn, impact the IT security policy. For example, if people are obliged to use their personal IT equipment for their job, for a sustained period, there may be IT policy implications if they have inadequate IT security in place on their personal machines.
Equally, there may be health and safety policy implications of a work-from-home initiative which breach this policy, for example, when it comes to seating, use of laptops, cabling, et cetera, that could have insurance implications for the business.
The need for a Policy Portal for the post-COVID enterprise
The second theme Michael and Henry explored was how policies are typically formulated, implemented and managed in their separate silos. The lack of what Michael called “an Enterprise Policy Management framework” is creating problems for many businesses currently; there is often no single “golden data source” for all policies. Some will be on a network file share, others in a dedicated application, still more held on SharePoint or in the Cloud.
In normal circumstances, that can make accessing, changing, maintaining, and attesting to them difficult for the users, managers, and auditors who utilize these policies. During a pandemic, where policies have to be assessed, modified, and approved quickly and frequently? This task becomes much more difficult.
On reverting to business-as-usual, once COVID-19 has finally passed, the task of verifying (and auditing) that the previous standards are being re-applied will be time-consuming, costly, and risk-prone in an unconsolidated policy management environment.
A solution explored during the webinar: How a centralized Policy Portal can help consolidate and integrate policy management across the enterprise. This can provide an intuitive, adaptable, accessible, and auditable framework that allows an organization to create, adapt and evolve its policies in response to planned or sudden changes to the business. While simultaneously continuing to maintain the standards of risk management and corporate governance that are core to the value of policy management.