Menu

KCM GRC: Policy Management

Avatar
Lauren Ashley
Updated
Follow

 

How Do I Use Policy Management in the KnowBe4 KCM GRC Platform?

 

The KCM GRC Policy Management module is a great tool for storing, managing, distributing, and tracking the various acknowledgments and agreements required of the employees in your organization. 

Using the Policy Management module, you'll create campaigns consisting of policy agreements assigned to user groups. You can create these groups based on whatever parameters you'd like, such as office location, department, job role, start date, etc. These groups will be the driving factors of policy acknowledgment campaigns.

Your users will receive and acknowledge the policy agreements by email. Once your users acknowledge the policies, the agreements will be recorded in your KCM GRC platform.

See the sections below to get started with and manage the KCM GRC Policy Management module. 

Getting Started with Policy Management
Step One: Add Users to Manage Your Policy Management Campaigns
Step Two: Create User Groups for Policy Management Campaigns
Step Three: Add End Users to the Policy Management Module
- 1) Manually Create Users 
- 2) Quick Import
- 3) CSV Import
Manage Users 
Step Four: Adding Policies
- Uploading and Linking Policies
- Converting Evidence to Policies
Step Five: Creating Policy Campaigns
Monitoring and Managing Campaigns
User Experience

 

Getting Started with Policy Management

There are four types of KCM GRC users that are able to view and/or create, manage, and edit policy management campaigns:
- KCM GRC [Compliance] Administrators
- Policy Administrators
- [Policy] Campaign Managers
- Auditors (view only)

Each policy management campaign will have an owner. The campaign owner is the user who created the campaign. The campaign owner will be the user who receives campaign notifications intended for "Campaign Owners".
For more information, see item number seven under the Step Five: Creating Policy Campaigns section below. 

 

 

Step One: Add Users to Manage Your Policy Management Campaigns

If you need users other than the KCM GRC Administrator(s) to manage policy acknowledgment campaigns, you'll follow the instructions below to create new users with either Policy Administrator or Campaign Manager roles.

Or, if you want your existing KCM GRC users to create and manage policy management campaigns, see the Adding Policy Management Permissions for Existing KCM GRC Users: Contributors/Standard Users or Scope Managers section below.

Note:

Adding new user accounts with Policy Administrator or Campaign Manager roles will count against your purchased license count for KCM GRC.
For more information, please contact your Customer Success Manager.

 

  1. Once you're logged into your KCM GRC account, click on Settings at the top right-hand side; then click Create New User from the drop-down menu (see below).

 

  1. You will be brought to the Create User page. Click the Policy Management tab on the right-hand side in order to create users specifically for the purpose of administering and maintaining policy management campaigns.

 

  1. Once you're on the Policy Management Create User page, enter the appropriate user information and select a User Account Type:
    • Policy Administrators have access to all objects (i.e., campaigns, groups, users, policies, etc.) within the Policy Management module.
    • Campaign Managers can have permissions to specified campaigns. Campaign Manager permissions include creating/updating users, groups, and campaigns; adding and updating policies; and viewing reporting associated with their allowed campaigns.
      • If you've created Policy Management campaigns thus far, you'll be able to specify which of your Policy Management Campaigns you want the Campaign Manager to have access to (see below).
        NOTE: You can also grant policy campaign permissions from within the policy campaigns. 

 

Adding Policy Management Permissions for Existing KCM GRC Users: Contributors/Standard Users or Scope Managers

If you have Contributors (Standard Users) or Scope Managers in your KnowBe4 Compliance Manager that need to have access to Policy Management Campaigns, you can edit the user and add a new role: Policy Administrator or Campaign Manager. 

  1. Edit the existing user(s) by clicking Settings then Manage Users from the top right-hand side of the page.  
  2. From the Manage Users page, click the Edit/Update icon to the right of the user's details (see below).

  1. You will then be able to add either a Policy Administrator or Campaign Manager role for the user from the Policy Management tab.

Back to Top

 

Step Two: Create User Groups for Policy Management Campaigns

In order to assign policy acknowledgments to your end users, they must be in a user group. 

You can create user groups based on job roles, office locations, or any other categorization that would cater to your organization's, or industry's policies. At a minimum, create an "All Employees" group if your organization's policies will apply to all personnel. 

Once the groups are created, you'll be able to specify which group(s) the users will be a member of upon creating or importing them. 

Follow the steps below to create Policy Management Groups.

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. Click the Groups tab at the top-left, then the Create New Group button.

  1. Give the Group a Name and provide a description if you'd like.

 

 

Back to Top

 

Step Three: Add End Users to the Policy Management Module

In order to send your end users policies to acknowledge, you'll add them to the Policy Management module of KCM GRC. These end users will not be able to log in to KCM GRC, they're only added for the purpose of receiving policies by email.  

Note:

End users added to the Policy Management module of the KnowBe4 Compliance Manager will not count against your purchased license count for KCM GRC. 
For more information on your license count, please contact your Customer Success Manager.

KCM GRC Account Administrators, Policy Management Administrators, or Policy Management Campaign Managers can add end users to the Policy Management Module.

There are three different ways you can add/import your end users into KCM GRC Policy Management: 1) Manually create users, 2) Quick import, 3) CSV import.

1) Manually Create Users

If you only need to add one user to your policy management campaigns, you can manually add a single user by following the instructions below.

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. From the Users tab, select the Create New User button.

 

  1. Fill out the required fields and click the Select Group(s) to Add Users To field to see the drop-down list of your user groups. Select all applicable groups for this user.

2) Quick Import

Using this method, you can type or paste a list of user email addresses, first names, and last names into the Quick Import form to upload users in bulk.

  1. From the navigation menu on the left-hand side, select "Policy Management", then "Users & Groups".
  2. Click the "Import Users" tab and then click the "Quick Import" toggle button.

  • Input user information (one user per line) in the following format: 
    name@company.com,John,Doe
  • Add these users to one or more groups by selecting group names from the "Select Group(s) to Add Users To" drop-down menu. 

  1. Select the "Import Users" button. 

3) CSV Import

Using this method, you can upload a CSV file of up to 5,000 users to add to the console. It is best practice to have a separate CSV file for each of the different user groups necessary in your Policy Management Module. 

  1. From the navigation menu on the left-hand side, select Policy Management, then Users & Groups.
  2. Click the Import Users tab and then click the CSV Import toggle button.

 

  1. Choose your CSV file using the Choose File button.

Note:

In order for the import to be successful, there must be no blank fields, and you must include the following headers in your CSV file: email, first_name, last_name. 

  1. Choose the group(s) to add these users to and click the Import Users button.

 

 

Back to Top

 

Manage Users

The Users tab allows you to manage your Policy Management module users. You can add them to groups, view user information and acknowledgments history, edit/update basic profile information, and disable or enable users.

  • a) The top-level checkbox allows you to select all users.
  • b) The checkboxes are used to select individual users.
  • c) The drop-down menu is used to choose the group to add your user(s) to.
  • d) The Add Selected to Group button allows you to add the selected user(s) to the selected group.
  • e) The View icon allows you to view user information and acknowledgments history.
  • f) The Edit/Update icon allows you to edit user information.
    g) The Enable/Disable icon allows you to change a user's status between enabled or disabled in order to include or omit them from policy campaigns.
  • h) The Delete icon allows you to delete a user.



Back to Top 

 

Step Four: Adding Policies

You will upload or link to your organization's policies so they can be used in policy management campaigns. 

Your organization's policies can be added to KCM GRC as either an uploaded file or a link to a policy hosted online. The policy links can be internal to your network, or external (SharePoint, Dropbox, Google Drive, etc.). You can also use existing compliance Evidence in your console to create a policy.

Details on Policy Uploads and Links:

Uploaded Policies:

  • The accepted file types for uploading policies are: .png, .jpg, .jpeg, .gif, .bmp, .tif, .tiff, .txt, .pdf, .rtf, .eml, .msg, .csv, .doc, .docx, .xls, .xlsx, .ppt, .pptx
  • The maximum file size for policy PDF files is 50MB; all other file types have a maximum size of 10MB.
  • The file name of uploaded policies has a maximum character count of 100.

Linked Policies:

  • The policy link must include a protocol (i.e., https://, http://, ftp://,sftp://, \\servername\, file:\\\, or file://).
  • Policy links have a maximum character count of 2000.

 

Uploading and Linking Policies

Follow the instructions below to add new policies to the KCM GRC Policy Management module.

  1. From the navigation menu on the left-hand side, select Policy Management, then Policies.
  2. Click either the Upload Policies or Link Policies button. 
    • Document Uploads: Drag and drop files or click the upload field to choose a file.
      • By default, the display name of the policy in KCM GRC will match the file name. You have the option of changing the policy's Display Name and adding a version number under Edit Uploaded Policies

  • Link Policies: In the first field, add an appropriate Display Name for the policy. This is how the policy will be displayed in KCM GRC, as well as in end users' emails. Add the policy's link in the Link field of the form and define the policy's Version and Description if you'd like. You can add several linked policies at one time (up to 5).

 

Converting Evidence to Policies

You can utilize existing Evidence from your Evidence Repository to create policies for your users. Follow the instructions below to convert existing Evidence to a policy. 

  1. Navigate to the Evidence document or DocuLink that you'd like to use as a policy. You'll be able to find Evidence in your Evidence Repository or from the Control for which the Evidence was submitted. 
  2. Click the document icon (see below), and the new policy will be created in your account's Policy module–where you can then assign it to users through a policy campaign.
    • When converting evidence files to policy files, keep in mind the file sizes limitations are still applicable.

 

Back to Top

 

Step Five: Creating Policy Campaigns

You'll set up campaigns in your KCM GRC Policy Management module in order to email policies to your end users and track the completion of user policy acknowledgments. 

To create a campaign:

  1. From the navigation menu on the left-hand side, select Policy Management, then Campaigns.
  2. Click the Create Campaign button at the top-right. 

1) Name:
First, name your policy campaign. Give the campaign a descriptive name that compliments the capacity of the included policy acknowledgments. 

2) Start Date: 
Specify the desired campaign start date, start time and your time zone. 
Note: The campaign must start at least 15 minutes after the time of the campaign's creation. 

3) End Campaign: 
You have three options for your policy campaign's end date. Having a deadline is recommended, as it gives users an incentive to acknowledge the required policies.

First, you can set a specific end date using the Specify Date setting. This will be a hard deadline for your users to acknowledge the assigned policies, no matter when they are added to the policy campaign.
Link Expiration: This is where you specify the length of time the link your user receives–to access and acknowledge their policy–will be valid. 

The second option is to set a Relative Duration. This option will give a deadline based on when users are added to the policy campaign and the "relative duration" from this enrollment date. The (optional) notifications you've set up for these types of campaigns will be sent out accordingly–based on the user(s) enrollment date.
Relative Duration: Specify the number of days, weeks, or months you'd like to allow your users to acknowledge their policy(ies). 
Link Expiration: This is where you specify the length of time the link your user receives for accessing and acknowledging their policy, will be valid. 

The final option, No End Date, leaves the policy campaign open indefinitely. You can always alter the end date or cancel the campaign if you need to.
Link Expiration: This is where you specify the length of time the link your user receives for accessing and acknowledging their policy, will be valid.

4) Select Campaign Policy(ies):
Select the policy or policies you'd like to include in the campaign. The policies will be in the form of DocuLinks (linked URLs) or documents that you've uploaded to the Policy Management module of KCM GRC. You can add numerous policies to your campaigns. When making this selection, consider the types of policies and how often the policy acknowledgments are necessary for your organization. 

5) Select Campaign Group(s): 
Here you can specify which user groups you need to include in your policy campaign. For instance, if your organization has policies that are role-specific, you may want to create role-based policy campaigns, including role-based user groups. On the other hand, if your organization's policies apply to all users, you may want to include an "All Users" group to distribute policies to all personnel.

6) Automatically enroll users that are added in the future: 
This checkbox will automatically enroll new users that you add to the groups assigned to this policy campaign.

7) Notifications:
There are five different notification types available with Policy Management Campaigns. Notifications intended for the Campaign Owner will be sent to the creator of the policy management campaign. 

Important:

Be sure to include notifications in your campaign setup. Notifications are how your users will receive links to read and acknowledge the campaign policy or policies. See below for details on each notification type.

  • On Campaign Start (User): This email will be sent to all users once the campaign begins. It will include links to all policies included in the campaign. 
  • Before Acknowledgement Due (User): This email will be sent to all users who have not acknowledged their policies. You will specify how many days before the due date you'd like the notification to send. You can add multiple instances of this notification by specifying a different 'Number of Days' to send before due–for each different notification version.
  • On Campaign Start (Campaign Owner): This email will notify the campaign owner (creator) that the campaign has been activated and includes the start date and time for the campaign.
  • Before Campaign End (Campaign Owner): This email will notify the campaign owner (creator) of the campaign's end date and time. You will specify how many days before the due date you'd like the notification to send.
  • On Campaign Completion (Campaign Owner): This email will notify the campaign owner that the policy campaign has ended. It includes a link to login to the KCM GRC console to view the policy campaign.
  • After Campaign Enrollment (User) (Relative Duration and No End Date campaigns): This email will be sent to users–that are added after the campaign starts–upon their enrollment. It will include links to all policies included in the campaign. 

Note:

If the policy campaign has a "Relative Duration" end date, the "On Campaign Completion (Campaign Owner) notification type will not be an option since these campaigns do not have an expiration date.

 

Back to Top 

Monitoring and Managing Campaigns

Once a campaign has started you can monitor its progress and see which users have or have not acknowledged their assigned policies.

To view details of individual campaigns, navigate to Campaigns under Policy Management from the navigation menu on the left-hand side. Then click on the name of the campaign you'd like to view. You'll arrive at the screen shown below where you can get an overview of the campaign and/or drill into individual user acknowledgment statuses. 

 

Campaign Overview Screen:

Campaign Overview

From the campaign overview screen, you can see the total number of policies that need to be acknowledged for the campaign to be complete, as well as the percentage of policies that have been acknowledged thus far. On the right, you will see details of the campaign such as the status, the start and end date (if applicable), the number of users in the campaign, the groups included in the campaign, and the notifications that have been scheduled for the campaign. 

Nudge Users: 
By clicking this button you will automatically send reminder email notifications to the users who have not acknowledged their policy agreement(s). Once the Nudge Users button has been clicked you will be notified of how many emails were sent, see below for an example. 

Users tab:
The Users tab will give you detailed information on each user's acknowledgment status. Here you can see the user's names, policy name(s), start date, date of the policy link expiration, the status of each user's acknowledgment, and the date they acknowledged the policy. You can also update/edit the campaign, Nudge Users to acknowledge their policies, and if necessary, force policy acknowledgment for users.

Members tab:
The Members tab will display all of the active users in your KCM GRC account who currently have access to the campaign you're viewing. From this page, you can click the Manage Campaign Permissions button to edit Campaign Manager user permissions for this campaign. From this page, you can also grant campaign access to additional Campaign Managers. 

 

Back to Top
 

User Experience

Your users will receive emails that include links to the policies you've included in the policy campaign. The number of reminder emails the users receive is dependent on the number of policies.

Depending on the type of policy you've added to the console (DocuLinks or uploaded files) and included in your campaign, the user interface will look similar to one of the two options below. 

Uploaded Policy

The user will simply scroll through the policy you've uploaded to the Policy Management module. Once they've read and understood the policy, they will use the checkbox and click Submit to complete their policy acknowledgment. 

If you'd like to add a custom logo to your KCM GRC account–and therefore your Policy Management campaigns–upload your organization's logo image in your Account Settings

 

DocuLink Policy

The user will simply click the link you've added to the Policy Management module in order to read the policy. Once they've read and understood the policy, they will use the checkbox and click Submit to complete their policy acknowledgment.

Once this is complete, the user's policy Status will change to Completed in the KCM GRC Policy Management module. These user policy statuses can be seen from the Users tab under the campaign overview, as well as under the Reports section of the KCM GRC Policy Management module. 

 

Back to Top

 

 

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles