PolicyCo maintains a set of roles designed to give users an appropriate level of permission to suit their job function. This article will explain how these roles work and how to adjust user roles.

By default, PolicyCo will associate the labels as Articles, Frameworks and Evidence. However, these labels are dynamic and can be updated to Requirements, Regulations, and Control Test in the Settings to meet industry terminology standards.

The first half of this guide will show you how to update organizational roles, policy level roles, department level roles, article/policy requirement level roles, procedure level roles, and evidence template/control test roles. If you are looking for a comprehensive list of functions as they correlate to each role assignment, scroll towards the bottom of this support document.


Organizational Roles

All users are assigned an organizational role. The first user who sets up the organization in the platform will be set to an Owner by default. Any new user thereafter will be assigned the organizational role of Viewer. The Owner can adjust the user's role, including setting additional Owner roles.


To Adjust the Organizational Role

  • Select Users from the Settings menu

  • Choose desired User

  • Adjust role from the Organizational Role drop down menu


Viewer

Viewers can only read policies and procedures. It's likely that the majority of your users will be viewers. When a new user is added to the organization, the default role will be set to Viewer and their default view will be the Viewer Interface.

Author

An author can edit policies and procedures as well as evidence templates. Once this role is set at the organization, the author will have read-only access until the Owner sets the author permissions at each policy/procedure/evidence template. More information on this below.

Auditor

An auditor is generally someone outside of your organization who needs to be able to look at your policies, procedures and evidence/control tests. Auditors have read-only access to all policies in your organization.

Auditors can also edit articles and submit them for review. This can be particularly helpful when a policy language change is desired and your auditor has some suggested language.

Auditors can quickly search by article/policy requirement or control and locate the associated evidence/control test. This helps auditors to identify gaps and prove that evidence/control was appropriately gathered.

Billing

The billing contact can add and remove payment methods and view/download invoices associated with the organization.


Owner

Owners function as a "Super Admin" of the platform. A user with an Organizational Role of Owner can perform every function available on the PolicyCo platform, regardless of their settings at the policy or article/policy requirement levels.

Additional Roles

In addition to the organizational roles, a user can be assigned roles at the policy level, article/policy requirement level, department level, procedure level and within an evidence/control test template to customize the level of permissions for that user.

Policy Manager Role

The Policy Manager role should be applied thoughtfully as it includes the ability to review and approve articles. The policy manager is a gatekeeper for the integrity of the policy.


To Assign a Policy Manager

  • Click Settings from left menu

  • Choose the User from the User List

  • Click the check box(es) of those policies you'd like to update this user's role for,

  • Choose Policy Manager from dropdown list

To assign a user as a Policy Manager for all policies, select all using the Policy checkbox at the top, and then select the Assign dropdown and choose Policy Manager to change the role for all policies.

A Policy Manager may also be set from the Policy Settings.

Policy Author Role

PolicyCo allows the assignment an author at the policy/article level to limit authorship to certain articles.


To Adjust the Role at the Article Level

  • Navigate to the article

  • Click on the Author Drop Down

  • Choose any user(s) you'd like to adjust

To Edit Authors for Articles in Bulk

You may choose to add or change the Author for multiple articles within a Policy.

  • Select the first article you'd like to add the Author to

  • To select multiple, continuous articles or all articles, hold down the shift button and scroll down, and shift + click the last article

    • To select multiple articles that are not in order (i.e., the first, third, and fifth articles in a policy), hold down the command key and click the desired articles

  • Once all necessary articles are selected, right click and select Set Authors

  • Select the author from the list of available users that appear

Authors can be removed from articles in bulk in the same manner.

Department Manager Roles

PolicyCo allows the assignment of an author at the procedure level to limit authorship to certain procedures. The Department Manager role should be applied thoughtfully as it includes the ability to review and approve procedures. The department manager is a gatekeeper for the integrity of the procedures.

To Assign a Department Manager Role:

  • Choose Departments from the Settings dropdown

  • Choose or add department

  • Choose or add user

  • Click the menu next to the user's name to Make Manager (or Revoke Manager)

Procedure Author Role

To Adjust the Role at the Procedure Level

  • Navigate to the procedure

  • Click on the Author Drop Down

  • Choose any user(s) you'd like to adjust

Evidence Template Roles

  • Author

  • Assignee

  • Reviewer

  • Author of Management Action Plan

Author of Evidence Template

Authors on an Evidence/Control Test template can make edits the Evidence/Control Test template.

Assignee

Assignees are specific to the evidence gathering. Assignees can upload and delete evidence. They can update the evidence template text but cannot modify the period or delete the evidence template.

Reviewer

Reviewers are responsible for reviewing evidence uploaded for accuracy and marking it as incomplete, accepted or failed.

To Add or Remove Evidence Authors/Reviewers/Assignees

The Author, Reviewer, and Assignee roles are configured using the dropdown menus above the Editor interface on the Evidence template.

Author of Management Action Plan

Authors on a Management Action Plan are responsible for edits for crafting a Management Action Plan if/when a Reviewer Fails an Evidence Period. Once an author for a MAP is set, it cannot be updated.

To Set an Author To a Management Action Plan:

When Evidence is marked as Failed, a Management Action Plan workflow will appear. To set the author for the MAP:

  • Click Author dropdown to choose an author

Did this answer your question?