Menu

KCM GRC: Policy Management

Avatar
Lauren Ashley
Updated
Follow

How Do I Use Policy Management in the KnowBe4 KCM GRC Platform?

 

The KCM GRC Policy Management module is a great tool for storing, managing, distributing, and tracking the various acknowledgments and agreements required of the employees in your organization.

Using the Policy Management module, you'll create campaigns consisting of policy agreements assigned to user groups. You can create these groups based on whatever parameters you'd like, such as office location, department, job role, start date, etc. These groups will be the driving factors of policy acknowledgment campaigns.

Your users will receive and acknowledge the policy agreements by email. Once your users acknowledge the policies, the acknowledgments will be recorded in your KCM GRC platform.

See the sections below to get started with and manage the KCM GRC Policy Management module.

Getting Started with Policy Management
Step One: Add Users to Manage Your Policy Management Campaigns
Step Two: Create User Groups for Policy Management Campaigns
Step Three: Add End Users to the Policy Management Module
- 1) Manually Create Users
- 2) Quick Import
- 3) CSV Import
Manage Users
Step Four: Adding Policies
- Uploading and Linking Policies
- Converting Evidence to Policies
Step Five: Creating Policy Campaigns
Monitoring and Managing Campaigns
User Experience

 

Getting Started with Policy Management

There are four types of KCM GRC users that are able to view and/or create, manage, and edit policy management campaigns:
- Account Administrator
- Policy Administrator
- Campaign Administrator
- Auditors (view only)

See here for more information about the various user roles in KCM GRC.

Each policy management campaign will have an owner. The campaign owner is the user who created the campaign. The campaign owner will be the user who receives campaign notifications intended for "Campaign Owners".
For more information, see item number seven under the Step Five: Creating Policy Campaigns section below.

 

Step One: Add Users to Manage Your Policy Management Campaigns

If you need users other than the Account Administrator(s) to manage policy acknowledgment campaigns, see the Creating New Users section of our Working with Users article for instructions on adding additional users to your console.

Adding policy management permissions for existing KCM GRC users:

If you already have users in your account who need access to policy management campaigns, you can edit the user and add a new role: Policy Administrator or Campaign Administrator.

See the Managing Users section of our Working with Users article for instructions.

Back to Top

 

Step Two: Create User Groups for Policy Management Campaigns

In order to assign policy acknowledgments to your end users, they must be in a user group.

You can create user groups based on job roles, office locations, or any other categorization that would cater to your organization's, or industry's policies. At a minimum, create an "All Employees" group if your organization's policies will apply to all personnel.

Once the groups are created, you'll be able to specify which group(s) the users will be a member of upon creating or importing them.

Follow the steps below to create groups in your Policy Management module.

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. Click the Groups tab at the top-left, then the Create New Group button.

  1. Give the group a Name and provide a Description if you'd like.

Back to Top

 

Step Three: Add End Users to the Policy Management Module

In order to send your end users policies to acknowledge, you'll add them to the Policy Management module. These end users will not be able to log in to KCM GRC, they're only added for the purpose of receiving policies by email.

Note:

End users added to the Policy Management module of the KnowBe4 Compliance Manager will not count against your purchased license count for KCM GRC. For more information on your license count, please contact your Customer Success Manager.

KCM GRC Account Administrators, Policy Administrators, or Campaign Administrators can add end users to the Policy Management Module.

There are three different ways you can add/import your end users into the Policy Management module: 1) Manually create users, 2) Quick import, 3) CSV import.

Important:

Before adding end users to your policy management module, each of the email address domains held by your employees must be added to the Domain Whitelist under your Account Settings. Please contact our Support team with a request to add your domains (note: you may be asked to provide proof of ownership).

 

1) Manually Create Users

If you only need to add one user to your policy management campaigns, you can manually add a single user by following the instructions below.

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. From the Users tab, select the Create New User button.

  1. Fill out the required fields and click the Select Group(s) to Add Users To field to see the drop-down list of your user groups. Select all applicable groups for this user.

2) Quick Import

Using this method, you can type or paste a list of user email addresses, first names, and last names into the Quick Import form to upload users in bulk.

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. Click the Import Users tab and then click the Quick Import toggle button, as shown below.
    • Input user information (one user per line) in the following format:
      name@company.com,John,Doe
    • Add these users to one or more groups by selecting group names from the Select Group(s) to Add Users To drop-down menu.
  3. Select the Import Users button.

3) CSV Import

Using this method, you can upload a CSV file of up to 5,000 users to add to your console. As a best practice, create a separate CSV file for each of the user groups you've added to your Policy Management module in Step 2.

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. Click the Import Users tab and then click the CSV Import toggle button.

  1. Choose your CSV file using the Choose File button.

Note:

In order for the import to be successful, there must be no blank fields, and you must include the following headers in your CSV file: email, first_name, last_name.

  1. Choose the group(s) to add these users to and click the Import Users button.

Back to Top

 

Manage Users

You can manage your end users under the Users tab in the Policy Management module. You can add users to groups, view user information and acknowledgments history, edit/update basic profile information, and disable or enable end users.

  • a) The top-level checkbox allows you to select all users.
  • b) The checkboxes are used to select individual users.
  • c) The drop-down menu is used to choose the group to add your user(s) to.
  • d) The Add Selected to Group button allows you to add the selected user(s) to the selected group.
  • e) The View icon allows you to view user information and acknowledgments history.
  • f) The Edit/Update icon allows you to edit user information.
    g) The Enable/Disable icon allows you to change a user's status between enabled or disabled in order to include or omit them from policy campaigns.
  • h) The Delete icon allows you to delete a user.

Back to Top

 

Step Four: Adding Policies

Your organization's policies can be added to KCM GRC as either an uploaded file or a link to a policy hosted online. The policy links can be internal to your network, or external (SharePoint, Dropbox, Google Drive, etc.). You can also use existing compliance evidence in your console to create a policy.

Details on Policy Uploads and Links:

Uploaded Policies:

  • The accepted file types for uploading policies are: .png, .jpg, .jpeg, .gif, .bmp, .tif, .tiff, .txt, .pdf, .rtf, .eml, .msg, .csv, .doc, .docx, .xls, .xlsx, .ppt, .pptx
  • The maximum file size for policy PDF files is 50MB; all other file types have a maximum size of 10MB.
  • The file name of uploaded policies has a maximum character count of 100.

Linked Policies:

  • The policy link must include a protocol (i.e., https://, http://, ftp://,sftp://, \\servername\, file:\\\, or file://).
  • Policy links have a maximum character count of 2000.

 

Uploading and Linking Policies

Follow the instructions below to add new policies to the KCM GRC Policy Management module.

  1. From the navigation menu on the left-hand side, select Policy Management, then Policies.
  2. Click either the Upload Policies or Link Policies button.
    • Upload Policies: Drag and drop files or click the upload field to choose a file.
      • By default, the display name of the policy in KCM GRC will match the file name. The policy will be displayed by this name in your account and in the notification emails received by end users. You have the option of changing the policy's display name under Edit Uploaded Policies (shown below).

  • Link Policies: In the first field, add an appropriate Display Name for the policy. This is how the policy will be displayed in KCM GRC, as well as in end users' emails. Add the policy's link in the Link field of the form and define the policy's Version and Description if you'd like. You can add several linked policies at one time (up to 5).

 

Converting Evidence to Policies

You can utilize existing evidence from your Evidence Repository to create policies for your users. Follow the instructions below to convert existing evidence to a policy.

  1. Navigate to the evidence document or doculink that you'd like to use as a policy. You'll be able to find evidence in your Evidence Repository or from the control for which the evidence was submitted.
  2. Click the document icon on the right-hand side of the page (see below). The new policy will be added to your account's Policy Management module–where you can then assign it to users through a policy campaign.
    • When converting evidence files to policy files, keep in mind the file sizes limitations are still applicable.

Back to Top

 

Step Five: Creating Policy Campaigns

You'll set up campaigns in your KCM GRC Policy Management module in order to email policies to your end users and track the completion of user policy acknowledgments.

To create a campaign:

  1. From the navigation menu on the left-hand side, select Policy Management, then Campaigns.
  2. Click the Create Campaign button at the top-right. Then, complete the specifications outlined below. 

1) Name:
First, name your policy campaign. Give the campaign a descriptive name that compliments the scope of the policy acknowledgments included in the campaign.

2) Start Date: 
Specify the desired campaign start date, start time and your time zone.
The campaign must start at least 15 minutes after the time of the campaign's creation.

3) End Campaign: 
You have three options for your policy campaign's end date. Having a deadline is recommended, as it gives users an incentive to acknowledge the required policies:

  1. First, you can set a specific end date using the Specify Date setting. This will be a hard deadline for your users to acknowledge the assigned policies.
    Link Expiration: This is where you specify the length of time that the link to review your policy will be active.

    Note:

    As a best practice, the Link Expiration interval should not extend past the campaign's End Date. Policy acknowledgments are not recorded after the campaign's end date.
  2. The second option is to set a Relative Duration. This option will give a deadline based on when users are added to the policy campaign and the "relative duration" from this enrollment date. The (optional) notifications you've set up for these types of campaigns will be sent out accordingly–based on the user(s) enrollment date.
    Relative Duration: Specify the number of days, weeks, or months you'd like to allow your users to acknowledge their policy(ies).
    Link Expiration: This is where you specify the length of time that the link to review your policy will be active.

    Note:

    As a best practice for Relative Duration campaigns, the Link Expiration should be the same length of time as the relative duration. When users receive policy campaign notifications for these campaigns, they are instructed to acknowledge the policy before the link expiration date.
  3. The final option, No End Date, leaves the policy campaign open indefinitely. You can always alter the end date or cancel the campaign if you need to.
    Link Expiration: This is where you specify the length of time that the link to review your policy will be active.

    Note:

    When users receive policy campaign notifications for No End Date campaigns, they are instructed to acknowledge the policy before the link expiration date.

4) Select Campaign Policy(ies):
Select the policy or policies you'd like to include in the campaign. The policies will be in the form of doculinks (linked URLs) or documents that you've uploaded to the Policy Management module of KCM GRC. You can add numerous policies to your campaigns. When making this selection, consider the types of policies and how often the policy acknowledgments are necessary for your organization.

5) Select Campaign Group(s):
Here you can specify which user groups you need to include in your policy campaign. For instance, if your organization has policies that are role-specific, you may want to create role-based policy campaigns, including role-based user groups. On the other hand, if your organization's policies apply to all users, you may want to include an "All Users" group to distribute policies to all personnel.

6) Automatically enroll users that are added in the future:
This checkbox will automatically enroll new users that you add to the groups assigned to this policy campaign.

7) Notifications:
There are five different notification types available with policy management campaigns. Notifications intended for the Campaign Owner will be sent to the creator of the policy management campaign.

Important:

Be sure to include notifications in your campaign setup. Notifications are how your users will receive links to read and acknowledge the campaign policy or policies. See below for details on each notification type.

  • On Campaign Start (User): This email will be sent to all users once the campaign begins. It will include links to all policies included in the campaign.
  • Before Acknowledgement Due (User): This email will be sent to all users who have not acknowledged their policies. You will specify how many days before the due date you'd like the notification to send. You can add multiple instances of this notification by specifying a different 'Number of Days' to send before due–for each different notification version.
  • On Campaign Start (Campaign Owner): This email will notify the campaign owner (creator) that the campaign has been activated and includes the start date and time for the campaign.
  • Before Campaign End (Campaign Owner): This email will notify the campaign owner (creator) of the campaign's end date and time. You will specify how many days before the due date you'd like the notification to send.
  • On Campaign Completion (Campaign Owner): This email will notify the campaign owner that the policy campaign has ended. It includes a link to login to the KCM GRC console to view the policy campaign.
  • On Campaign Enrollment (User) (Relative Duration and No End Date campaigns): This email will be sent to users–that are added after the campaign starts–upon their enrollment. It will include links to all policies included in the campaign.

Note:

If the policy campaign has a "Relative Duration" end date, the On Campaign Completion (Campaign Owner) notification type will not be an option since these campaigns do not have an expiration date.

Back to Top

 

Monitoring and Managing Campaigns

Once a campaign has started, you can monitor its progress and see which users have or have not acknowledged their assigned policies.

To view details of individual campaigns, navigate to Campaigns under Policy Management from the navigation menu on the left-hand side. Then click on the name of the campaign you'd like to view. You'll arrive at the screen shown below. Here, you can get an overview of the campaign and/or drill into the acknowledgment status of individual users.

Campaign Overview Screen:

Campaign Overview

From the campaign overview screen, you can see the total number of policies that need to be acknowledged for the campaign to be complete, as well as the percentage of policies that have been acknowledged thus far. On the right, you will see details of the campaign such as the status, the start and end date (if applicable), the number of users in the campaign, the groups included in the campaign, and the notifications that have been scheduled for the campaign.

Nudge Users: 
By clicking this button you will automatically send reminder email notifications to the users who have not acknowledged their policy agreement(s). Once the Nudge Users button has been clicked you will be notified of how many emails were sent, see below for an example.

Users tab:
The Users tab will give you detailed information on each user's acknowledgment status. Here you can see the user's names, policy name(s), start date, date of the policy link expiration, the status of each user's acknowledgment, and the date they acknowledged the policy. You can also update/edit the campaign, Nudge Users to acknowledge their policies, and if necessary, force policy acknowledgment for users.

Members tab:
The Members tab will display all of the active users in your KCM GRC account who currently have access to the campaign you're viewing. 

Back to Top

 

User Experience

Your users will receive emails that include links to the policies you've included in the policy campaign. The number of reminder emails the users receive is dependent on the number of policies.

Depending on the type of policy you've included in your campaign (doculink or uploaded file), the user interface will look similar to one of the two options below.

Uploaded Policy

The user will simply scroll through the policy you've uploaded to the Policy Management module. Once they've read and understood the policy, they will use the checkbox and click Submit to complete their policy acknowledgment.

If you'd like to add a custom logo to your KCM GRC account–and therefore your policy management campaigns–upload your organization's logo image in your Account Settings.

 

Doculink Policy

The user will simply click the link you've added to the Policy Management module in order to read the policy. Once they've read and understood the policy, they will use the checkbox and click Submit to complete their policy acknowledgment.

Once this is complete, the user's policy Status will change to Completed in the KCM GRC Policy Management module. These user policy statuses can be seen from the Users tab under the campaign overview, as well as under the Reports section of the KCM GRC Policy Management module. 

Back to Top

 

 

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles