PolicyCo maintains a set of roles designed to give users an appropriate level of permission to suit their job function. This article will explain how these roles work and how to adjust user roles.
By default, PolicyCo will associate the labels as Articles, Frameworks and Evidence. However, these labels are dynamic and can be updated to Requirements, Regulations, and Control Test in the Settings to meet industry terminology standards.
The first half of this guide will show you how to update organizational roles, policy level roles, department level roles, article/policy requirement level roles, procedure level roles, and evidence template/control test roles. If you are looking for a comprehensive list of functions as they correlate to each role assignment, scroll towards the bottom of this support document.
Organizational Roles
All users are assigned an organizational role. The first user who sets up the organization in the platform will be set as an Owner by default. Any new user thereafter will be assigned the organizational role of Viewer. The Owner can adjust the user's role, including setting additional Owner roles.
To Adjust the Organizational Role
Select Users from the Settings menu
Choose desired User
Adjust role from the Organizational Role drop down menu
Viewer
Viewers can only read policies and procedures. It's likely that the majority of your users will be viewers. When a new user is added to the organization, the default role will be set to Viewer and their default view will be the Viewer Interface.
Author
An author can edit policies and procedures as well as evidence templates. Once this role is set at the organization level, the author will have read-only access until the Owner sets the author permissions on each policy, procedure, or evidence template. More information on this below.
Auditor
An auditor is generally someone outside of your organization who needs to be able to look at your policies, procedures and evidence/control tests. Auditors have read-only access to all policies in your organization.
Auditors can also edit articles and submit them for review. This can be particularly helpful when a policy language change is desired and your auditor has some suggested language.
Auditors can quickly search by article/policy requirement or control and locate the associated evidence/control test. This helps auditors to identify gaps and prove that evidence/control was appropriately gathered.
Billing
The billing contact can add and remove payment methods and view/download invoices associated with the organization.
Owner
Owners function as a "Super Admin" of the platform. A user with an Organizational Role of Owner can perform every function available on the PolicyCo platform, regardless of their settings at the policy or article/policy requirement levels.
Additional Roles
In addition to the organizational roles, a user can be assigned roles at the policy level, article/policy requirement level, department level, procedure level and within an evidence/control test template to customize the level of permissions for that user.
Policy Manager Role
The Policy Manager role should be applied thoughtfully as it includes the ability to review and approve articles. The policy manager is a gatekeeper for the integrity of the policy.
To Assign a Policy Manager
Click Settings from the left menu
Choose the User from the User List
Click the check box(es) of the policies for which you'd like to update this user's role
Choose Policy Manager from dropdown list
To assign a user as a Policy Manager for all policies, select all using the Policy checkbox at the top, and then select the Assign dropdown and choose Policy Manager to change the role for all policies.
A Policy Manager may also be set from the Policy Settings.
Policy Author Role
PolicyCo allows the assignment of an author at the policy/article level to limit authorship to certain articles.
To Adjust the Role at the Article Level
Navigate to the article
Click on the Author Drop Down
Choose any user(s) you'd like to adjust
To Edit Authors for Articles in Bulk
You may choose to add or change the Author for multiple articles within a Policy.
Select the first article you'd like to add the Author to
To select multiple consecutive articles or all articles, hold down the shift key, scroll down, and shift + click the last article
To select multiple articles that are not in order (i.e., the first, third, and fifth articles in a policy), hold down the command key and click the desired articles
Once all necessary articles are selected, right click and select Set Authors
Select the author from the list of available users that appear
Authors can be removed from articles in bulk in the same manner.
Department Manager Roles
PolicyCo allows the assignment of an author at the procedure level to limit authorship to certain procedures. The Department Manager role should be applied thoughtfully as it includes the ability to review and approve procedures. The department manager is a gatekeeper for the integrity of the procedures.
To Assign a Department Manager Role:
Choose Departments from the Settings dropdown
Choose or add department
Choose or add user
Click the menu next to the user's name to Make Manager (or Revoke Manager)
Procedure Author Role
To Adjust the Role at the Procedure Level
Navigate to the procedure
Click on the Author Drop Down
Choose any user(s) you'd like to adjust
Evidence Template Roles
Author
Authors on an Evidence/Control Test template can make edits to the Evidence/Control Test template.
Assignee
Assignees are specific to the evidence gathering. Assignees can upload and delete evidence. They can update the evidence template text but cannot modify the period or delete the evidence template.
Reviewer
Reviewers are responsible for reviewing uploaded evidence for accuracy and marking it as incomplete, accepted or failed.
The Author, Reviewer, and Assignee roles are configured using the dropdown menus above the Editor interface on the Evidence template.
Action Plan Roles
Author
Authors on a Management Action Plan (MAP) are responsible for crafting an Action Plan when a reviewer fails an evidence period. Once an author for a MAP is set, it cannot be changed.