Most organizations struggle to keep their policies up-to-date to ensure compliance with ever-changing regulatory requirements.
In this 30-minute webinar, you’ll learn how Iceberg helped a large U.S. health care organization implement a policy portal to centralize the management of over 1,600 policies. Using RSA Archer, we:
Improved access to published policies for employees
Simplified the approval process workflow
Automated the periodic review process
This scalable approach reduces the time and effort for policy change management, and provides greater visibility and confidence for stakeholders, senior management, and external regulators.
For more information visit: http://icebergnetworks.com/policy/
3. Delivering Risk Intelligence
About Iceberg
ü Focused on Governance,
Risk Management & Compliance (GRC)
ü Staff includes 30+ full-time GRC consultants
& certified developers
ü Customers include top financials,
insurance, health care, manufacturers,
retail, gov’t in North America.
Paul Everest
VP PROFESSIONAL
& MANAGED SERVICES
Warren Rainey
GRC SOLUTION DEVELOPER
5. Delivering Risk Intelligence
• Large healthcare facility
• ~2,000 policies
• Manual review / approval
process
• Lengthy and time-consuming
• Resource-heavy
• Error-prone
• Difficulty coordinating input
of many stakeholders
6. Delivering Risk Intelligence
SOLUTION OVERVIEW
• RSA Archer Policy Program
Management
• Migrated all policies to a
common portal
• Configured workflow to
automate and simplify
reviews & approval
• Building block of integrated
risk management
7. Delivering Risk Intelligence 7
“Single pane of glass” for
the review and approval
process
Notifications used to
advise participants to join
process
Full logging of activities for
audit purposes
RSA ARCHER
Updating corporate
policies requires multiple
people or groups and large
volumes of emails and
meetings to complete
ISSUE #1
8. Delivering Risk Intelligence 8
Two approaches:
1) Limit control of revisions
to the Policy Owner. Policy
Owner inputs changes
directly in the Archer
2) Attach a Word document
to Policy record that tracks
changes to the policy record
RSA ARCHER
Controlling versions of
policies undergoing
updates is a big challenge
ISSUE #2
9. Delivering Risk Intelligence 9
Dashboards act as a portal
to organize and sort
published policies
Can be integrated/linked
with corporate intranet
RSA ARCHER
Sharepoint or network
folders are not the
friendliest places for
access by general users
ISSUE #3
11. Delivering Risk Intelligence
DEPLOYING ARCHER’S POLICY CHANGE MANAGEMENT
ü Fixed-price solution to Archer 6.3 clients under $25k (not
including licensing)
ü 90 days to PROD
ü No external data feeds. One-time upload of existing policies
ü Addition of fields and changes to fields included
ü 3 new Roles added to Archer
ü 9 notifications with client-defined content
ü 3 custom, embedded instructional videos
11