In your KCM GRC Policy Management module, you can download and customize plan templates for your organization. A plan template is a detailed procedure that you can use to set standards for your organization. Plan templates can also work closely with your organization's policies, so we recommend that you use our policy templates in addition to our plan templates. To learn about the policy templates that we offer, see our Policy Templates article.
To learn about the plan templates we offer, how to access plan templates, and how to customize plan templates, see the sections below.
Plan Template Descriptions
The table below includes a description of each plan template. You can reference the descriptions to determine whether the plan template may be useful to your organization.
To learn about the plan templates we offer, see the table below:
Plan Template Name | Plan Template Description |
Incident Response Plan |
This plan template documents how an organization will respond to and mitigate incidents that have occurred within the organization's network. This template contains steps for classifying incidents and forming an incident response team, and it describes the protocol for notifying the appropriate people. This plan would typically be acknowledged and implemented by the members of the organization who are involved in incident response efforts. |
Information Systems Continuity Plan |
This plan documents how an organization will prepare for, react to, and recover from an information system disruption that affects normal business operations. This template can be used to define how the organization will continue operating as usual in the event of downtime. This plan would typically be acknowledged and implemented by the organization’s Information Technology department. |
System Security Plan |
This plan outlines the security requirements for an organization's information system and describes the security controls that the organization has implemented or plans to implement to meet those requirements. This template also includes input from the members of the organization who are responsible for the information system environment, including information owners and system operators. This policy would typically be acknowledged and implemented by the organization’s Information Technology department. |
Accessing Plan Templates
From your platform, you can access a sample of each plan template. To access a full copy of a plan template, contact your Customer Success Manager.
To access the plan template samples, navigate to the Policy Templates tab of your navigation panel (Policy Management > Policy Templates). Then, you can download a plan template sample by clicking the cloud icon next to the plan template's name.
Customizing Plan Templates
After you download a plan template, you can customize the template so that it applies to your organization. Each plan template contains placeholder text between double brackets, which you should replace with text that is related to your organization.
Plan templates contain two main types of placeholders. To learn about these placeholders, see the descriptions below:
- [[Organization_Name]]: You should replace this placeholder with your organization's name.
- [[organization-defined ________]]: Depending on the plan template you are customizing, this placeholder will include different items, such as incidents, key factors, location, objectives, personnel, and terminology. This placeholder is typically followed by an explanation to help you determine what information you should replace the text with. For example, a placeholder from the Incident Response Plan says, "[[organization-defined personal information category such as client, employee, data subject, etc.]]."