BEYOND THE SHELF - ENSURING POLICY UNDERSTANDING WITH COMMUNICATION AND TRAINING THE POLICY MANAGEMENT ILLUSTRATED SERIES – PART THREE SPEAKERS Michael Rasmussen, GRC Research Analyst and Pundit, GRC 20/20 and OCEG Fellow Robert O’Brien, CEO, MetaCompliance Moderator: Carole Switzer, Co-Founder and President, OCEG 99/99/99
Housekeeping ■ Download slides at http://www.oceg.org/event/beyond-the-shelf-ensuring-policy-understanding- with-communication-and-training ■ Answer all 3 polls ■ Certificates of completion (only for OCEG All Access Pass holders) ■ Evaluation survey at the close of the webinar ■ Find the recording on the Resource tab of the OCEG site, under Archived Webinars 2
Learning Objectives ■ Define the key parts of a policy communication plan ■ Outline methods for tracking and delivering training and attestations ■ Identify ways to both push and pull employee access to policies and related materials 3
Poll 1 Do you have an OCEG All Access Pass (a paid membership) and would you like to receive CPE credit for this event? a. Yes, I have an All Access Pass and I would like to receive a Certificate of Completion for this event b. No, I do not have an All Access Pass but I would like to get one and receive CPE credit for this and future webcasts I attend No, I do not have an All Access Pass and I don’t want to buy one at this c. time (so I won’t get CPE credit for this event) 4
Download at Oceg.org/ resources 5
Discussion Questions ■ Communication and training about policies is essential but do all policies need the same level of attention? ■ If not, how do you develop an appropriate communication plan that takes differences in need into account? 6
Start with the Policy Goal in Mind ■ Consider the reason for the policy ■ Assess the legal implications of non- compliance with the policy ■ Determine risk significance of the policy ■ Establish specific distribution, training and attestation needs for each policy 7
Poll 2 Does your organization have an established policy communication team or other centralized oversight for policy management? a. Yes for the entity b. Yes but only within departments c. No but planning to do so d. No I don’t know e. 8
Discussion Questions ■ What are some of the questions you need to ask as you develop your plan? ■ What factors do you need to consider and directly address? 9
10
11
12
Discussion Questions ■ What are some of the factors that go into deciding whether to just distribute a policy, or to distribute and require certification or attestation of receipt and understanding, or to actually require training on a policy? ■ And who should make these decisions? 13
Discussion Questions ■ In some organizations, new employees are trained on key policies that affect them during the first few days they are on the job and perhaps annually thereafter. Is this effective or is there a better way to determine the schedule, frequency and repetition of policy training? 14
Discussion Questions ■ What should be included in your policy program to make it useful in a defense situation but also to make it measurable and accountable internally? 15
16
Discussion Questions ■ Many organizations tackle policy communication and training in a variety of silos from learning management systems, policy portals, e-mail, to Intranet sites. What is the value of a centralized technology architecture/solution to manage, document, and monitor the policy communication and training process? 17
Poll 3 Does your organization use technology purpose built for policy management? a. Yes for the entire entity b. Yes but only in some areas c. No we adapt other technology or use spreadsheets d. I don’t know 18
19
Policy Management and Training
Questions? 32
Recommend
More recommend