Create a compliance map
Centralize the documentation of requirements and their mapped controls, and automatically aggregate testing results and issues to easily assess compliance requirements coverage and report on compliance status in real-time.
Before you start
Before you can manage compliance, you need to:
To aggregate testing results and issues data from projects, you or someone on your team must complete the following tasks:
Note
- Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
- If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
Permissions
Users assigned Compliance Maps Privileges with Read/Write access can create a compliance map.
Why are some standards and regulations locked?
While working in Compliance Maps, you may notice that some imported standards and regulations are locked. A lock icon indicates that the standard or regulation is read-only.
This is because when we source these standards and regulations, the providers sometimes specify that customers can't modify the content from the templates they provide. As a result, modification actions are unavailable, including editing any part of any standards, regulations, or associated requirements; adding subrequirements; and deleting requirements.
Workflow
Add standards or regulations
Add a standard or regulation to your compliance map manually, or import available standards and regulations from the Compliance Library. (To view standards and regulations in the Compliance Library in general, see Importing standards and regulations, section Manage Diligent-provided standards or regulations.)
- Open the Compliance Maps app.
The Compliance Maps home page opens.
- Complete any of the following tasks:
Task: Import available standards or regulations
- Click Import standard or regulation.
The Compliance Library opens.
- Search for and select the relevant standards or regulations you want to import.
Some standards and regulations are only available in read-only format. For more information, see Importing standards and regulations.
Note
Certain standards and regulations are only available by subscribing to Diligent Content Suites. For more information, see Content & Intelligence Gallery.
- Click Import.
- Once the import is complete, click the Open button for the newly imported standard or regulation.
Result – You return to the Compliance Maps home page with the side panel open for the newly imported standard or regulation, and the standard or regulation expanded in the list view to show its top-level requirements.
- Skip the steps under Add requirements and proceed to Specify if requirements are applicable and covered.
Accessing additional standards and regulations
Some standards and regulations display a Contact for access label. Contact your Customer Success Manager to learn how to access these standards and regulations.
Task: Manually add a standard or regulation
- Click Create new.
The Add standard and regulation side panel opens.
- Enter the following information:
- Title: Name the standard or regulation. The character limit is 255. The name must be unique.
- Description (optional): Provide a description of the standard or regulation.
Note
Rich text fields cannot exceed 524,288 characters.
- Do one of the following:
- To add the standard or regulation and close the panel, click Save and Close. The standard or regulation is added to the compliance map.
- To add a requirement to the standard or regulation, click Save and add requirement, and proceed to step 3 of Add requirements.
View and manage standards or regulations
The regulation page provides a comprehensive view of a regulation. It enables you to search for specific requirements within the regulation and view the statuses of these requirements along with their associated controls.
To view a regulation, follow these steps from the Compliance Maps home page:
View | Steps |
---|---|
High-level details | To view details such as title, description, and source of a regulation, select Show details from the More menu in the Actions column. |
Detailed view | |
View requirements
You can view the requirements from the regulation page. To navigate to the Requirement details page, open a regulation and then select Details.
Add requirements
Add requirements to populate your compliance map.
- From the regulation page, select a requirement and then click Details, or from the Compliance Maps home page, select a requirement.
- In the requirement details page, click + Add new sub-requirement from the More menu.
- Enter the following information:
- ID Enter the identifier of the requirement.
- Title (optional): Name the requirement.
If you do not enter a title, the first 255 characters of the requirement description display as the title in the tree view, stripped of any HTML or rich text formatting.
- Description: Provide a description of the requirement.
Note
Rich text fields cannot exceed 524,288 characters.
- Do one of the following:
- Save and add another: Select this option to save the requirement and add another requirement at the same hierarchical level in the tree view.
- Save and Close: Select this option to save the requirement and close the Add new sub-requirement side panel.
The new requirement is highlighted in the tree view and ordered by ID. If two requirements have the same ID, a secondary ordering is applied automatically based on the date the requirement was created.
Note
All requirements are ordered automatically. You cannot configure the order of requirements.
Note
The number of requirements added to a standard or regulation appears beside the name of that standard or regulation in the list.
Specify if requirements are applicable and covered
Apply professional judgment to decide which requirements apply to your organization and whether the existing coverage is sufficient.
- From the Compliance Maps home page, click the title of the requirement.
The Requirement details page opens.
- In the Status section, from the dropdown list, select one of the following:
- Not Applicable: Select this option only if the requirement is not applicable to your organization.
- Applicable - Not Covered: Select this option if the requirement is applicable but not yet covered.
- Applicable - Covered: Select this option if the requirement is applicable and already covered for your organization.
Note
By default, all parent requirements are applicable and not covered. When you create a new sub-requirement, the sub-requirement inherits the Applicable and Covered values from the parent requirement.
- (Optional) Select Write rationale to explain why a requirement is marked as applicable, not applicable, covered, or not covered.
Tip
You can also copy rationale statements from related requirements. For more information, see View requirements.
Work with linked requirements
If you have imported standards or regulations from the Compliance Library, you can view related requirements, or add rationale statements from related requirements.
Diligent collates related requirements based on industry-approved mappings. The maximum number of related requirements you can view is 300. For more information, see Relationships between controls and requirements.
- From the Compliance Maps home page, select the title of the requirement.
- On the requirement details page, expand the Linked Requirements section and filter by standards and regulations.
This shows a list of related requirements along with their statuses. You can check the regulations related to the new requirement.
- Select a linked requirement.
This opens a side panel with the requirement details.
- The Rationale section displays rationales from related requirements. Click Add to include the rationale.
The new rationale appears in the Rationale section of the requirement details page. If the requirement you are working on already has a rationale statement, the new rationale is appended to the bottom of the existing rationale.
Tip
To make further adjustments to the rationale statement, you can edit it with the Edit rationale option.
- Import standards or regulations that contain related requirements
If there are related requirements that are not imported to your compliance map, do the following:
- In the requirement details page, next to the Linked Requirements section, select Import Relevant Regulations.
- Select the title of an authoritative document to start the import process.
This takes you to the Compliance Library.
Link controls to requirements
Showcase your organization's adherence to specifications relevant to the business by mapping controls to requirements. Mapped requirements also appear in Control X-Ray and help auditors familiarize themselves with a control based on mapped requirements.
You can map controls to requirements, either by following automatic suggestions or by manually browsing controls.
Note
The maximum number of controls you can map to a single requirement is 300.
Use the Diligent One Platform AI Suggestion Service to receive recommendations for relevant controls from the available control set based on specific requirements. You can choose to follow these AI-driven recommendations or manually browse and select suitable controls.
To link controls to requirements, follow these steps:
- From the Compliance Maps home page, click the title of the requirement.
- In the requirement details page, click Link controls.
The Link Controls panel opens.
Note
If you do not see Link controls, you are viewing an ancestor or descendant of a requirement that cannot be mapped. You must remove existing mappings in the group before you can map additional controls. For more information, see Relationships between controls and requirements.
- In the Link Control panel, you can do the following:
- Search for a control by entering a keyword in the search box.
You can search for controls by Objective title, Control ID, Control title, or Control description. Search terms are highlighted in the results.
- Click Filter to filter controls by frameworks or objectives.
The search works in combination with any applied filters. If you select a framework or objective filter and then search for a control, you are only searching within the specified framework or objective.
- Click the side arrow to expand a framework and view a list of objectives. Click the side arrow next to the objective to view a list of controls.
- If applicable, click View more to show all frameworks in the Diligent One instance.
- Click AI Suggestions to find the most relevant controls for each requirement. This feature uses AI integration to deliver improved suggestions, ensuring better matches. It identifies suitable controls by comparing the descriptions of requirements and controls. Scroll down and click Load More to view additional suggestions.
- Click Link beside each control you want to link to the requirement.
View and manage linked requirements
The Linked Control section of the Requirement details page displays the list of linked controls. When you select a linked control, you can perform actions as described in the following table:
Action | Steps |
---|---|
View the linked requirements in detail | The following information is displayed in a detailed view as a side panel: |
Compare Control and Requirement description | When control data is open in the side panel, you can compare the control description with the requirement description by scrolling through both columns side by side. This is essential for initiating compliance work and ensures a clearer understanding of legal requirements. |
Update Control weight | To indicate the percentage of the requirement that the control covers, adjust the Control weight. You can enter a value between 0 and 100%. The default coverage is 100%. |
Navigate to Framework application | |
Add or remove controls | |
Track compliance progress
Filter the list of requirements to track compliance progress.
From the Compliance Maps page, complete any of the following tasks:
Task | Step | What you see |
---|---|---|
View all applicable requirements across all regulations and standards | Click Applicable. | A list of all applicable requirements, whether or not they have been marked as covered |
View requirements that have not been identified as covered | Click Not covered (Gaps). | A list of applicable requirements that have not been identified as covered |
View requirements that have been identified as covered | Click Covered. | A list of applicable requirements that have been identified as covered |
View requirements that have been specified as not applicable | Click Not Applicable. | A list of all non-applicable requirements |
Search for requirements | Enter a keyword or phrase in the search box. | A list of requirements that match your search term or phrase |
View summary information about a standard, regulation, or requirement, including: | Consult the Coverage, Covered, Issues, Controls and Assurance columns in the nested tree view. | |
Generate a summary report
Demonstrate your organization's compliance progress by generating a summary report.
- Click Compliance Summary Report.
- Download the Excel report (.xlsx) to your computer.
Any filters you apply on the Compliance Maps page are reflected in the report. Each standard or regulation is displayed on a separate worksheet.
Tip
Manually created requirements that are indexed alphanumerically in your compliance map may be ordered differently in your Excel report. To achieve the same ordering, you can use the following naming strategy for your requirements:
- Parent requirement: alphabetical ID (example: A1)
- Sub-requirements: alphabetical ID + numerical ID (examples: A1-01, A1-02, A1-03)