Hello, I am building out an Eramba instance and have numerous policies, standards, procedures etc. and am not sure if each individual document should be implemented as its own item under the policy module in Eramba or if grouping should take place to arrange all Standards into one document for “IAM” for example.
While having them individually would facilitate more granular capabilities in terms of linking to controls, it would be very large and I’m also not sure how annual approval would work if say 20 Standards fell under one individual under the same family “IAM” for example. Would this approval have to be individually done 20 times or is there a bulk method?
If putting things in groups (such as all Standards tied to IAM put together), I see there would only be one approval process and item to track, but you lose the granularity in terms of control linking (if one standard specifically addressed a control, you could only point the control to the bulk Standard document).
Wondering how this is best handled in Eramba and perhaps if there are features I’m not aware of to better facilitate this?
One way to reduce the number of approvals yet keep granularity of the linkages: suppose you have one jumbo policy document that has 25 minor policies in it and you approve at that level, as opposed to the minor policy. How you could handle this is to set up the minor policies within Eramba and then delete their review objects. This will make them always show as “current” to whatever they’re associated to but also allow you to be more granular in your linkage to policy for compliance mapping (reduces the “go fish” level of reference).
Then create the jumbo policy and associate it to everything the minor policies are associated to, and the pass-through for reviews expiring, etc., will pass through to the linked objects. Of course, this is less convenient because any time you link a minor policy you’ll also need to link the jumbo policy.
I looked at the Bulk Edit feature for reviews, and it appears it only allows editing the current state of the review but doesn’t let you bulk edit the next review tab, which likely won’t close out the review as completed (I didn’t test this).
I suppose this would also have Policy Portal variables to consider as well - I’d probably mark the minor policies as hidden and only show the jumbo to those users.