All About Policy in the Cloud

In Information Governance, Policies are standards that guide business decisions.

While you work through your day-to-day job duties, chances are you adhere to a set of organizational policies, whether well-defined in shared documents or loosely maintained via tribal knowledge. The bigger your organization gets, the larger amount of people these policies can affect. Consider the following example:

“XYZ Corporation - Privacy Policy

XYZ Corporation takes extensive measures to protect consumers’ privacy. We collect only the information needed to fulfill placed orders and make recommendations based on shopping preferences. We never share consumer information with third parties unless said consumer has granted us permission to do so.”

In order to properly comply with the above policy, employees may raise the following questions:

• What is the purpose of this policy?
• When was this policy last updated, and is it still relevant?
• Who authored this policy, and what stakeholders have endorsed it?
• Who does XYZ Corporation consider a “consumer”?
• Where is our “consumer information” located?
• What controls (or Rules) must be in place to enforce this policy?

The Syniti Cloud offers a number of features which can enhance understanding of organizational policies. We’ll review each of these features in detail below.

Figure 1 - Policy Detail

The Policy Detail page is an area to collaboratively define a policy and relate it to other parts of the organization. Figure 1 shows:

1. A name or short description of the business policy.
2. A full detail description of the business policy. Note that many words and phrases are highlighted in this section (more on that later).
3. Purpose - The underlying purpose for the business policy. In this example, we reference EU GDPR Compliance. In a later section, we’ll link supporting documentation.
4. Status - A policy will remain in Candidate status until it is Sponsored by relevant stakeholders, at which point it will move to Accepted.
5. Policy Type - Gartner identifies 8 different types of business policies which we leverage for categorization. A description of each policy type is available in the hover text of this section.
6. Criticality - This section indicates the importance of this policy’s enforcement.

Figure 2 - Policy Detail (cont.)

Figure 2 contains:

1. Dates - Identify the enforcement period for this policy. In this example, XYZ Corporation began enforcing their Privacy Policy on May 25th, the same date as the EU GDPR enforcement date. We don’t populate an end date because this policy will now be enforced for the lifetime of the corporation.
2. Assigned to - This is the person who is ultimately responsible for the policy.
3. Sponsors - This section lists relevant stakeholders which have endorsed or contested this version of the policy.
4. Deep Guidance - The Deep Guidance will suggest ways to increase a policy’s value. In this example, the Guidance suggests defining specific terms (the highlighted phrases from Figure 1), which is intended to mitigate semantic confusion across the enterprise.
5. The ellipsis gives the option to view a detailed change history.

Figure 3 - Policy Detail (cont.)

Figure 3:

1. Related assets - Though not fully shown, this section includes related Terms, Rules, Policies, Data Sets, and Systems. While defined Terms promote universal understanding of a policy, Rules indicate the formal controls which enforce the policy. Related Data Sets are subsets of fields and metadata collected from one or more systems, while System records capture information about where data is stored.
2. Supporting Documentation - Clicking on this tab will show where I have linked GDPR Article 5 as supporting documentation for this policy.
3. Comments - This section is intended to enable dialogue between relevant stakeholders concerning a policy’s context.
4. Related Goals & Initiatives - In addition to related assets, organizations can indicate what Goals and Initiatives (or components of Strategy) a policy is a direct result of.

Final Thoughts

Far too often, various areas of an organization manage policies in silos, which hinders the reuse of information and the optimization of data and shared knowledge. This in turn increases cost to manage and use information, in addition to introducing more risk that policies will not be followed.

Information Governance can be complicated to implement, but yields important benefits. At Syniti, each cloud customer is assigned a designated Customer Success Manager who can help guide you and provide further expertise on implementations. To learn more about the customer success program, please contact customersuccess@syniti.com.

Note: For technical guidance on the creation of Policies, please visit the Help link available at the bottom of any Syniti Cloud page.