Policy, Meet Compliance; Compliance, Meet Policy

by Steve Schlarman – January 28, 2010

Policy and compliance are the hand and glove of a Governance, Risk and Compliance (GRC) program. Policy defines the requirements for the organization; compliance activities ensure that the organization is meeting those expectations. One without the other can lead to trouble. In one scenario, you could establish prudent and responsible requirements (policy), but without any enforcement (compliance), the organization can wander off the well-controlled path and accept or assume risks that are intolerable for the business. On the flip side, constant enforcement (compliance) without clear guidance (policy) will result in a lot of unhappy campers in the organization who are being flagged for issues that are not clearly defined as management expectations.

Archer’s Policy Management and Compliance Management solutions work in tandem through a shared Control Procedures application, which allows organizations to document both technical and process controls and measure these controls through a variety of methods. Manual testing via questionnaires and automated testing via third-party integrations enable an organization to build a robust compliance infrastructure that is directly aligned with the controls and directives published as policies.

Establishing clear expectations via Policy Management and implementing consistent measurement and monitoring via Compliance Management allow you to build a continuum of processes that form the core of practical and comprehensive enterprise GRC. Archer’s Policy and Compliance Management solutions give you a proven and sustainable infrastructure to manage these important pieces of the GRC program.

If you'd like to learn more about our Control Procedures application, I invite you to join me today at 1 p.m. Central for a webcast on the Archer Compliance Management solution. Also, if you’re a member of the Archer Community, you can take a deep-dive tour of the Control Procedures application through a recently recorded Friday User Group Training session.

Comments

Anonymous said:

Yes, today's Archer Compliance Management webcast will be recorded. You can request the recording to view at your convenience by emailing marketingcommunications@archer.com.

January 28, 2010 12:21 PM

Anonymous said:

I will be unable to attend. Where will material be posted? Thank you.

January 28, 2010 11:05 AM


About Sarah Nord (Historical)

As Archer Marketing Communications Manager for RSA, The Security Division of EMC, Sarah Nord oversees the planning, development, delivery and analysis of strategic marketing programs. She also serves as senior writer and editor for RSA Archer marketing content, including web copy, press releases, data sheets, case studies and blog posts. Sarah holds a BA in Professional Writing and an MA in Writing from Missouri State University. She is also RSA Archer Certified.