Show TOC

Procedure documentationApproving a Policy Locate this document in the navigation structure

 

After the policy owner ensures that all the review comments have been incorporated, the owner submits the final draft of the policy for approval. One or more approvers may be responsible for this policy, as determined by the workflow engine and as specified by the policy owner. The defined approvers receive the approval workflow in their GRC Inbox.

Prerequisites

The policy approvers must be set up by the policy owner or the default approvers may be determined by the workflow engine (based on the organizations and processes assigned to the policy).

Note Note

  • If the policy applies to an organization, then that organization owner becomes the default approver. Since all the users in the organization are subject to this new policy, the organization owner must approve it.

  • If the policy applies to a certain process and/or subprocess, then the respective owner becomes the default approver. Since all the users in the process and/or subprocess are subject to this new policy, the process/subprocess owners must approve it.

  • There may be other roles assigned to the policy approver role in the configuration, for a certain organization, process or subprocess, who also receive the approval workflow.

End of the note.

Procedure

  1. Choose   My Home   Work Inbox  .

  2. Select a policy to approve. You see the same tabs used to create a policy. Read the material contained in the tabs to understand the scope, history, and potential risks of the policy.

  3. Review any comments on the Review and Approval tab. If an Approval Survey has been created, it is located here and requires answers. Add any general comments here.

  4. Decide if you need to Save Draft, Close, Send Back for Rework, Reject or Approve the policy.

  5. You now have the following options:

    • Approve: The approver may (optionally) provide comments to the policy owner. The approver may also attach supporting documents or links. The policy owner is notified that the policy has been approved. If this policy receives approvals from all approvers, then the policy is ready to be published directly. Or, this setting can be modified through the Customizing activities so that instead of all approvers, only one approver is required for the policy to be approved and published to the policy library.

    • Reject: The approver has to provide comments to the policy owner. The approver may also attach supporting documents or links. The policy owner is notified that the policy has been rejected. The only choice for the policy owner is to create a new policy and start again.

    • Send Back for Rework: The approver has to provide comments to the policy owner. The approver must provide suggestions (for example, a structured list) for improving the policy and any expected changes. The approver may also attach supporting documents or links. The policy owner is notified that the policy has been sent for rework. The policy owner has to amend the policy and resubmit it for approval.

    • Save Draft: Save your comments or attachments and complete the approval process at a later time.

    • Close: Close the policy and complete actions at a later time. No Changes are saved.

  6. Select Close.

More Information