Blog | May 6, 2020 2 MINS

Introducing OneTrust GRC Policy Management


Policy management products are frequently a sidelined initiative for HR and compliance teams to manually coordinate across departments to collect best practices and requirements. In addition to a central repository of published documentation, there are several needs on both the back-end development as well as front end distribution to be addressed when it comes to policy management. Beyond having a centralized source to access corporate rules and expectations, teams need a collaborative tool to facilitate appropriate buy-in as policies are drafted.

What is OneTrust GRC Policy Management?

OneTrust GRC’s Policy Management product is among the latest products in the OneTrust GRC suite of products. Our Policy Management product is designed to support both the development and distribution of internal and public-facing policies across your organization. Companies can streamline, structure, and organize processes to create and publish policies across departments. Organizations have flexible options to operate within a single platform to author, review, and collaborate on policy development or integrate into third-party document repositories. The OneTrust Policy Management solution goes beyond just publishing policies, by automating policy distribution and measuring attestation to confirm both receipt and understanding.

What makes the OneTrust GRC policy solution unique?

OneTrust’s Policy Management product offers a depth of functionality within itself but can also play a larger role in your GRC ecosystem. With tailored role-based access, compliance and human resource teams can directly engage specific contributors to review or collaborate on content development. Once documentation is published, the system can target distribution across your organization, to specific business units or unattested individuals. Policies can be linked directly to control records and attestation metrics can be reinforced and updated based on control efficiency tests to monitor policy adoption and performance in real-time. Organizations using OneTrust Policy Management can collect detailed metrics on who has received, acknowledged and confirmed understanding of various policies within your corporate catalog.

Beyond streamlining and measuring the development and distribution of policies, OneTrust’s Policy Management product can:

  • Incorporate Compliance Requirements: The Policy Management tool is also directly integrated into the OneTrust DataGuidance platform. Organizations can pull from regulatory boilerplates to mirror policy language and reflect specific requirements.
  • Take Action to Support Policy Adoption: OneTrust Athena™ AI can monitor attestation rates and fluctuations and make informed suggestions to your team. Athena understands the context of your policies because she is familiar with your policy library, the regulatory environment and your latest attestation metrics. Based on this understanding, Athena can make suggestions such as flagging policy sections and terminology that may be causing confusion and contributing to low attestation.
  • Integrated Just-in Time Training: Policy Management is also integrated with OneTrust Awareness Training. Athena knows which courses align with which policy initiatives and can make training suggestions linked directly to the OneTrust Awareness Training course library based on policy performance and context.

OneTrust’s Policy Management product and Athena AI provide the tools needed for your team to improve policy adoption and shift from policy creation and enforcement from a tactical practice to a strategic initiative.

To learn more about OneTrust GRC Policy Management register for the webinar: First Look | A Complete ISMS Solution – Audit Management & Policy Management taking place on May 14 at 11:00 AM EST / 4:00 PM GMT

Onetrust All Rights Reserved