Menu

KCM GRC: Policy Management

Avatar
Lauren Ashley
Updated
Follow

How Do I Use the Policy Management Module?

The KCM GRC Policy Management module is a great tool for storing, managing, distributing, and tracking the various acknowledgments and agreements required of the employees in your organization.

Under this module, you'll create policy campaigns to assign and distribute your organization's policies. Your users will receive and acknowledge the policy agreements by email. Once your users acknowledge the policies, these acknowledgments are recorded in your KCM GRC platform.

Follow the sections below to set up and monitor policy campaigns in KCM's Policy Management module.

Jump to:

Getting Started with Policy Management

Step One: Add Users to Manage Your Policy Management Campaigns

Step Two: Create User Groups for Policy Management Campaigns

Step Three: Add End Users to the Policy Management Module

Manage Users

Step Four: Adding Policies

Step Five: Creating Policy Campaigns

Monitoring and Managing Campaigns

User Experience

 

Getting Started with Policy Management

There are four types of KCM GRC users that are able to view and/or create, manage, and edit policy management campaigns:

  • Account Administrator
  • Policy Administrator
  • Campaign Administrator
  • Auditors (view only)

See here for more information about the various user roles and their permissions in KCM GRC.

Important:

Before adding end users to your policy management module, the email address domains held by your employees must be added to the Domain Whitelist under your Account Settings. Please contact our Support team to add additional domains to your account. 

 

Step One: Add Users to Manage Your Policy Management Campaigns

If you need users other than the Account Administrator(s) to manage policy acknowledgment campaigns, see the Creating New Users section of our Working with Users article for instructions on adding additional users to your console.

If you already have users in your account who need access to policy management campaigns, you can edit the user and add an additional role: Policy Administrator or Campaign Administrator. See the Managing Users section of our Working with Users article for instructions.

Back to Top

 

Step Two: Create User Groups for Policy Management Campaigns

In order to assign policy acknowledgments to your end users, they must be in a user group.

You can create user groups based on job roles, office locations, or any other categorization that would cater to your organization's, or industry's policies. For example, if your organization's policies will apply to all personnel, you can create an "All Employees" group.

When you create or import your end users, you'll be able to specify which group or groups the users will be a member of.

Follow the steps below to create groups in your Policy Management module:

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. From the Groups tab, click the Create New Group button.
  3. Add a group Name and provide a Description if you'd like.

See the next section to learn how to add users to your account and add them to user groups. 

Back to Top

 

Step Three: Add End Users to the Policy Management Module

Before you can enroll end users in a policy campaign, you must add them to the Policy Management module and add them to a group. These users will not be able to log in to KCM GRC, they're only added for the purpose of receiving policies by email.

Note:

End users added to the Policy Management module of the KnowBe4 Compliance Manager will not count against your purchased license count for KCM GRC. For more information on your license count, please contact your Customer Success Manager.

KCM GRC Account Administrators, Policy Administrators, or Campaign Administrators can add end users to the Policy Management Module.

There are three ways you can add or import end users into the Policy Management module. See the following sections to learn more:

  1. Manually create users
  2. Quick import
  3. CSV import

 

Manually Create Users

If you only need to add one user to your policy management campaigns, you can manually add a single user by following the instructions below.

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. From the Users tab, select the Create New User button.
  3. Fill out the required fields. Then, click the Select Group(s) to Add Users To field to see a drop-down list of your user groups. Select the group or groups that you want to add this user to.
    Create A New User page with an arrow pointing to the Select Group(s) to Add Users To drop-down menu
  4. Click the Create User button.

Quick Import

Using this method, you can type or paste a list of user email addresses, first names, and last names into the Quick Import form to upload users in bulk.

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. Click the Import Users tab and then click the Quick Import button, as shown below.
    Quick Import
    1. In the Enter Users field, add the users' information (one user per line) in the following format:
      name@company.com,FirstName,LastName 
    2. Click the Select Group(s) to Add Users To drop-down menu and select the group or groups that you would like to add these users to. 
  3. Select the Import Users button.

CSV Import

Using this method, you can upload up to 5,000 users at one time using a CSV file.

Tip:

As a best practice, we recommend that your CSV files are organized by user group. This means that you should create a CSV file for each group that users will be added to, and the applicable users should be included in this file.
  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. Click the Import Users tab and then click the CSV Import button.
  3. Click the Choose File button, and then select your CSV file.

    Important:

    In order for the import to be successful, the CSV must not contain empty fields and you must include the following headers in your file: email, first_name, last_name. Additionally, if you are using Excel, CSVs must be saved in the CSV UTF-8 format.
  4. Click the Select Group(s) to Add Users To drop-down menu and select the group or groups that you would like to add these users to.
  5. Click the Import Users button.

Back to Top

 

Manage Users

From the Users & Groups page > Users tab, you can add users to groups, disable users, view user information and their policy acknowledgment history, and update user information. See the details below for more information.

  1. Use the top-level checkbox to select all users on the page.
  2. To add a user to a group, select the checkbox on the left-hand side of their name and then see c. and d., below.
  3. After you select one or more users, click the Select a Group drop-down and select the group you'd like to add the user or users to.
  4. After you select a group, click the Add Selected to Group button to add the selected user or users to the group.
  5. Click the eye icon to view the user's information and their history of policy acknowledgments.
  6. Click the pencil icon to edit user information.
  7. Click the checkbox icon to enable or disable a user. Disabling a user will omit the user from having to acknowledge policies under any policy campaign that the user is included in.
  8. Click the trash can icon to delete a user.

Back to Top

 

Step Four: Adding Policies

Before you can create a policy campaign, you will need to add one or more of your organization's policies to the KCM GRC platform. To add a policy, you will either upload the policy file or provide a link to an external file that is stored on your organization's intranet or a file sharing service. 

Details on Policy Uploads and Links:

Uploaded Policies:

  • The accepted file types for uploading policies are: .png, .jpg, .jpeg, .gif, .bmp, .tif, .tiff, .txt, .pdf, .rtf, .eml, .msg, .csv, .doc, .docx, .xls, .xlsx, .ppt, .pptx
  • The maximum file size for policy PDF files is 50MB; all other file types have a maximum size of 10MB.
  • The file name of uploaded policies has a maximum character count of 100.

Linked Policies:

  • The policy link must include a protocol (i.e., https://, http://, ftp://,sftp://, \\servername\, file:\\\, or file://).
  • Policy links have a maximum character count of 2000.

 

Uploading and Linking Policies

Follow the instructions below to add new policies to the KCM GRC Policy Management module.

  1. From the navigation menu on the left-hand side, select Policy Management Policies.
  2. Click the Upload Policies or Link Policies button, and then follow the instructions below: 
    • Upload Policies: Drag and drop files or click the upload field to choose a file.
      • By default, the display name of the policy in KCM GRC will match the file name. The policy will be displayed by this name in your account and in the notification emails received by end users. You have the option of changing the policy's display name under Edit Uploaded Policies (shown below).
    • Link Policies: In the first field, add an appropriate Display Name for the policy. This is how the policy will be displayed in KCM GRC, and in the email notifications for your end users. Add the policy's link in the Link field of the form and define the policy's Version and Description if you'd like. You can add several linked policies at one time (up to 5).

Once you've added one or more policies to your account, you're ready to create a policy campaign. See the next section for instructions. 

Back to Top

 

Step Five: Creating Policy Campaigns

After adding end users and policies to your account, you'll create one or more policy campaigns so KCM GRC can email policies to your users and track their acknowledgments.

Follow the steps below to create a policy campaign:

  1. From the navigation menu on the left-hand side, select Policy Management > Campaigns.
  2. Click the Create Campaign button at the top-right. Then, complete the specifications outlined below. 

1) Name:
Name your policy campaign. Give the campaign a descriptive name that compliments the scope of the policy acknowledgments included in the campaign. The campaign name will be included in the email notifications that you set up for this campaign (see 7) Notifications, below).

2) Start Date: 
Specify the desired campaign start date, start time, and select the appropriate time zone for the user group or groups that you will include in your campaign.
The campaign must start at least 15 minutes after the time of the campaign's creation.

3) End Campaign: 
You have three options for your policy campaign's end date. Having a deadline is recommended, as it gives users an incentive to acknowledge the required policies:

  1. First, you can set a specific end date using the Specify Date setting. This will be a hard deadline for your users to acknowledge the assigned policies.
    Link Expiration: This is where you specify the length of time that the link to review the policy will be active.

    Note:

    As a best practice, the Link Expiration interval should not extend past the campaign's End Date. Policy acknowledgments are not recorded after the campaign's end date.
  2. The second option is to set a Relative Duration. This option will give a deadline based on when users are added to the policy campaign and the "relative duration" from this enrollment date. The notifications that you set up for these types of campaigns will be sent out accordingly–based on the user(s) enrollment date.
    Relative Duration: Specify the number of days, weeks, or months you'd like to allow the users to acknowledge the policy or policies in this campaign.
    Link Expiration: This is where you specify the length of time that the link to review the policy will be active.

    Note:

    As a best practice for Relative Duration campaigns, the Link Expiration should be the same length of time as the relative duration. When users receive policy campaign notifications for these campaigns, they are instructed to acknowledge the policy before the link expiration date.
  3. The final option, No End Date, leaves the policy campaign open indefinitely. You can always alter the end date or cancel the campaign if you need to.
    Link Expiration: This is where you specify the length of time that the link to review the policy will be active.

    Note:

    When users receive policy campaign notifications for No End Date campaigns, they are instructed to acknowledge the policy before the link expiration date.

4) Select Campaign Policy(ies):
Click this field and select the policy or policies that you'd like to include in the campaign. When making this selection, consider the types of policies and how often the policy acknowledgments are necessary for your organization.

5) Select Campaign Group(s):
Click this field and select the user group or groups to include in the campaign.
For example, if your organization has policies that are role-specific, you may want to create role-based user groups and policy campaigns. To learn more about user groups, see Step Two: Create User Groups for Policy Management Campaigns

6) Automatically enroll users that are added in the future:
Click this checkbox if you'd like to automatically enroll new users that are added to the groups included in this policy campaign.

7) Notifications:
There are five notification types available for policy management campaigns. The notifications that are labeled (Campaign Owner) will be sent to the user who created the policy management campaign.

Important:

Be sure to include notifications in your campaign setup. Notifications are how your users will receive links to read and acknowledge the policy or policies included in the campaign. See below for details on each notification type. Then, see the User Experience section for an example of the (User) notifications.

  • On Campaign Start (User): This email will be sent to all users when the campaign begins. 
  • Before Acknowledgement Due (User): This email will be sent to all users who have not acknowledged their policies. Enter a number in the Number of Days field to specify how many days before the due date that you'd like the notification to send. You can add multiple instances of this notification by specifying a different number in the Number of Days field.
  • On Campaign Start (Campaign Owner): This email will notify the campaign owner (creator) that the campaign has been activated. This notification includes the start date and time for the campaign.
  • Before Campaign End (Campaign Owner): This email will notify the campaign owner (creator) of the campaign's end date and time. Enter a number in the Number of Days field to specify how many days before the due date that you'd like the notification to send.
  • On Campaign Completion (Campaign Owner): This email will notify the campaign owner that the policy campaign has ended. This notification includes a link to log in to the KCM GRC platform and view the policy campaign.

    Note:

    If the policy campaign has a Relative Duration end date this notification will not be an option since these campaigns do not have an expiration date.
  • On Campaign Enrollment (User) (Relative Duration and No End Date campaigns): This email will be sent to users that are added to the applicable user group or groups after the campaign has started. This notification will include links to all policies included in the campaign.

Note:

If a user is enrolled in multiple campaigns at one time, they may receive two or more notifications in one KCM GRC Email Digest. For more information, please see this section of our Email Notifications and the Email Digest article.

Back to Top

 

Monitoring and Managing Campaigns

After a campaign has started you can monitor its progress and see which users have or have not acknowledged their assigned policies.

To view the details of a campaign, from the navigation menu on the left-hand side, click Policy Management > Campaigns. Then, click on the name of the campaign you'd like to view. From this page, you can see an overview of the campaign and you can review the acknowledgment status for individual users, as outlined below.

Campaign Overview:

From the campaign's Overview tab, you can see the total number of policies that need to be acknowledged for the campaign to be complete, as well as the percentage of policies that have already been acknowledged.

On the right, you will see campaign details such as the status, the start and end date (if applicable), the number of users in the campaign, the groups included in the campaign, and the notifications that have been scheduled for the campaign.

By clicking the Nudge Users button at the top right-hand side of the page, you will automatically send reminder email notifications to the users who have not acknowledged their policy agreement(s). After clicking the Nudge Users button, you are be notified of how many emails were sent, as shown in the image below. 

The Users tab (shown below) provides information for each user's acknowledgment status. Here you can see the user's names, policy name(s), start date, date of the policy link expiration, the status of each user's acknowledgment, and the date they acknowledged the policy. You can click Nudge Users to send email reminders to users who have not acknowledged their policies. Additionally, you can force policy acknowledgment for users, if necessary.


The Members tab will display all of the active users in your KCM GRC account who currently have access to the campaign you're viewing. 

Back to Top

 

User Experience

If you've added one or more notifications to a policy campaign, your users will receive an email with a link to review and acknowledge each policy. A unique link is generated for each user and each policy that is included in the campaign. 

Depending on the type of policy that you've included in your campaign (an uploaded file or link to a policy), the user interface will look similar to one of the two examples below.

Uploaded Policy

For policies that you've uploaded to KCM, the user will click the link in their email notification, and then they're brought to the policy viewer, as shown in the example above. The user will scroll through and review the policy. Once they've read and understood the policy, they will click the I have read and understand the above policy checkbox, and click the Submit button to complete their policy acknowledgment.

If you'd like to add a custom logo to your KCM GRC account–and therefore your policy management campaigns–upload your organization's logo image in your Account Settings.

 

Linked Policy

For policies that you've added a link to in KCM, the user will click the link in their email notification, and then they're brought to the page that is shown in the example above. This page instructs the user to click the link that you've included for this policy. Once they've read and understood the policy, they will click the I have read and understand the above policy checkbox and click the Submit button to complete their policy acknowledgment.

Once this is complete, in KCM GRC, the user's policy Status will change to Completed. You can review these statuses from the Users tab under the campaign overview page, and under the Reports section of the Policy Management module. 

Back to Top

 

 

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles