Create a compliance map

Centralize the documentation of requirements and their mapped controls, and automatically aggregate testing results and issues to easily assess compliance requirements coverage and report on compliance status in real-time.

Before you start

Before you can manage compliance, you need to:

To aggregate testing results and issues data from projects, you or someone on your team must complete the following tasks:

Note

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.

Permissions

Users assigned Compliance Maps Privileges with Read/Write access can create a compliance map.

Why are some standards and regulations locked?

While working in Compliance Maps, you may notice that some imported standards and regulations are locked. A lock icon indicates that these items are read-only.

This is because when we source these standards and regulations, the providers sometimes specify that customers can't modify the content from the templates they provide. As a result, modification actions are unavailable, including editing any part of any standards, regulations, or associated requirements; adding subrequirements; and deleting requirements.

Workflow

Add standards or regulations

Add a standard or regulation to your compliance map manually, or import available standards and regulations from the Compliance Library. (To view the standards and regulations in the Compliance Library, see Importing standards and regulations, section Manage Diligent-provided standards or regulations.)

  1. Open the Compliance Maps app.
  2. The Compliance Maps home page opens.
  3. Complete any of the following tasks:
    Task Steps
    Import available standards or regulations
    1. Click Import standard or regulation.

      The Compliance Library opens.

    2. Search for and select the relevant standards or regulations you want to import.

      Some standards and regulations are only available in read-only format. For more information, see Importing standards and regulations.

      Note

      Certain standards and regulations are only available by subscribing to Diligent Content Suites. For more information, see Content & Intelligence Gallery.

    3. Click Import.
    4. Once the import is complete, click the Open button for the newly-imported standard or regulation.

      Result – You will return to the Compliance Maps home page with the side panel open for the newly-imported standard or regulation, and the standard or regulation expanded in the list view to show its top-level requirements.

    5. Skip the steps under Add requirements and proceed to Specify if requirements are applicable and covered.
    Accessing additional standards and regulations
    Some standards and regulations display a Contact for access label. Contact your Customer Success Manager to learn how to access these standards and regulations.
    Manually add a standard or regulation
    1. Click Create new.

      The Add standard and regulation side panel opens.

    2. Enter the following information:
      • Title: Name the standard or regulation.

        The character limit is 255. The name must be unique.

      • Description (optional): Provide a description of the standard or regulation.
        Note

        Rich text fields cannot exceed 524,288 characters.

    3. Do one of the following: 
      • To add the standard or regulation and close the panel, click Save and Close.

        The standard or regulation is added to the compliance map.

      • To add a requirement to the standard or regulation, click Save and add requirement, and proceed to step 3 of Add requirements.

View and Manage standards or regulations

The regulation page provides a comprehensive view of a regulation. It enables you to search for specific requirements within the regulation and view the statuses of these requirements along with their associated controls.

To view a regulation, follow these steps from the Compliance Maps home page:

View Steps
High-level details

To view details such as title, description, and source of a regulation, select Show details from the More menu in the Actions column.

Detailed view
  1. Click the standard or regulation name.

  2. On the regulation page, do the following:

  • Review the list of requirements, their relationships such as number of linked controls and requirements, and their status.

  • Search for specific requirements within a regulation by entering ID, title, or description.

  • View requirements descriptions within the overall context of the regulation.

  • Create subrequirements for a standard or regulation. (Select +Add new sub-requirement).
    When you add subrequirements, they are added to the same hierarchy as the top-level view of a regulation. This ensures the subrequirement is contextualized within the full scope of the regulation and added directly at the requirement level.

  • Switch between regulations. (Select the switch icon and select the standard or regulation from the list.)

  • Navigate to the requirements details page from the regulations page by clicking the Details button next to a requirement.

 

View requirements

You can view the requirements from the regulation page. To navigate to the Requirement details page, open a regulation and then select Details.

Add requirements

Add requirements to populate your compliance map.

  1. From the regulation page, select a requirement and then click Details, or from the Compliance Maps home page, select a requirement.

  2. In the requirement details page, click + Add new sub-requirement from the More menu.

  3. Enter the following information:
    • ID: Enter the identifier of the requirement.
    • Title (optional): Name the requirement.

      If you do not enter a title, the first 255 characters of the requirement description are displayed as the title in the tree view, stripped of any HTML or rich text formatting.

    • Description: Provide a description of the requirement.
      Note

      Rich text fields cannot exceed 524,288 characters.

  4. Do one of the following:
    • Save and add another: Select this option to save the requirement and add another requirement at the same hierarchical level in the tree view.

    • Save and Close: Select this option to save the requirement and close the Add new sub-requirement side panel.

      The new requirement is highlighted in the tree view and ordered based on ID. If two requirements have the same ID, a secondary ordering method is automatically applied based on the date the requirement was created.

      Note

      All requirements are ordered automatically. You cannot configure the order of requirements.

      Note

      The number of requirements added to a standard or regulation appears beside the name of that standard or regulation in the list.

Specify if requirements are applicable and covered

Apply professional judgment and rationalize optimal coverage that's sufficient for the organization.

  1. From the Compliance Maps home page, click the title of the requirement.

    The Requirement details page opens.

  2. In the Status section, from the dropdown list, select one of the following:

    • Not Applicable: Select this option only if the requirement is not applicable for your organization.

    • Applicable - Not Covered: Select this option if the requirement is applicable but not yet covered.

    • Applicable - Covered: Select this option if the requirement is applicable and already covered for your organization.

    Note

    By default, all parent requirements are applicable and not covered. When you create a new sub-requirement, the sub-requirement inherits the Applicable and Covered values from the parent requirement.

  3. (Optional) Select Write rationale to explain why a requirement is marked as applicable, not applicable, covered, or not covered.
    Tip

    You can also copy rationale statements from related requirements. For more information, see View requirements.

Work with linked requirements

If you have imported standards or regulations from the Compliance Library, you can view related requirements, or add rationale statements from related requirements.

Diligent collates related requirements based on industry-approved mappings. The maximum number of related requirements you can view is 300. For more information, see Relationships between controls and requirements.

  1. From the Compliance Maps home page, select the title of the requirement.
  2. On the requirement details page, expand the Linked Requirements section and filter by standards and regulations.
    This shows a list of related requirements along with their statuses. You can check the regulations related to the new requirement.
  3. Select a linked requirement.
    This opens a side panel with the requirement details.
  4. The Rationale section displays rationales from related requirements. Click Add to include the rationale.
    The new rationale appears in the Rationale section in the requirement details page. 
    • If the requirement you are working on already has a rationale statement, the new rationale is appended to the bottom of the existing rationale.

      Tip

      To make further adjustments to the rationale statement, you can edit it with the Edit rationale option.

    • Import standards or regulations that contain related requirements: If there are related requirements that are not imported to your compliance map, do the following:
      1. In the requirement details page, next to the Linked Requirements section, select Import Relevant Regulations.

      2. Select the title of an authoritative document to start the import process.

        This takes you to the Compliance library.

Link controls to requirements

Showcase your organization's adherence to specifications relevant to the business by mapping controls to requirements. Mapped requirements also appear in Control X-Ray and help auditors familiarize themselves with a control based on mapped requirements.

You can map controls to requirements, either by following automatic suggestions or by manually browsing controls.

Note

The maximum number of controls you can map to a single requirement is 300.

Use the Diligent One Platform AI Suggestion Service to receive recommendations for relevant controls from the available control set based on specific requirements. You can choose to follow these AI-driven recommendations or manually browse and select suitable controls.

To link controls to requirements, follow these steps:

  1. From the Compliance Maps home page, click the title of the requirement.
  2. In the requirement details page, click Link controls.
    The Link Controls panel opens.
    Note

    If you do not see Link controls, it means that you are viewing an ancestor or descendant of a requirement that cannot be mapped. You must remove existing mappings in the group before you can map additional controls. For more information, see Relationships between controls and requirements.

    • In the Link Control panel, you can do the following:
      • Search for a control by entering a keyword in the search box.

        You can search for controls by Objective title, Control ID, Control title, or Control description. Search terms are highlighted in the results.

      • Click Filter to filter controls by frameworks or objectives.

        The search works in combination with any applied filters. If you select a framework or objective filter, and you search for a control, you are only searching within the specified framework or objective.

        • Click the side arrow to expand a framework and view a list of objectives. Click the side arrow next to the objective to view a list of controls.
        • If applicable, click View more to show all frameworks in the Diligent One instance.
      • Click AI Suggestions to find the most relevant controls for each requirement. This feature leverages AI integration to deliver improved suggestions, ensuring better matches. It identifies suitable controls by comparing the descriptions of requirements and controls. Scroll down and click Load More to view additional suggestions.
  3. Click Link beside each control you want to link to the requirement.

View and manage linked requirements

The Linked Control section of the Requirement details page displays the list of linked controls. When you select a linked control, you can perform actions as described in the following table:

Action Steps
View the linked requirements in detail

The following information is displayed in a detailed view as a side panel:

  • Control ID: The control identification code
  • Owner: The person responsible for the control
  • Control title: The title of the control
  • Description: Detailed information about the control
  • Framework: The framework where the control is coming from
  • Testing results: Control tests that have passed, failed, and controls that have not yet been tested
  • Issues: An aggregate number of open issues across all project controls linked to the framework control

    Clicking the issue count link provides a pop-up list of issues. You can click an individual issue to navigate to detailed information.

    Note

    The aggregate issue count is based on all open published issues from active projects that are associated with walkthroughs, test plans, and testing rounds.

Compare Control and Requirement description

When control data is open in the side panel, you can compare the control description with the requirement description by scrolling through both columns side by side. This is essential for initiating compliance work and ensures a clearer understanding of legal requirements.

Update Control weight

To indicate the percentage of the requirement that the control covers, adjust the Control weight.

You can indicate a value from 0% to 100%. The default coverage is 100%.

Navigate to Framework application
  • To navigate to the control in the framework, click the ID link.
  • To navigate to the framework, click the framework link.
Add or remove controls
  • To remove the control association from the requirement, click Unlink.
  • To link additional controls to the requirement, click + Link controls.
  • To view a list of controls that have been mapped to a single ancestor requirement, or all descendant requirements, and the aggregate number of issues for each control, view the Related controls section.
    • Clicking the control ID link redirects you to the Control page in the applicable framework.
    • Clicking the issue count link provides a pop-up list of issues.

      You can click an individual issue to navigate to detailed information.

 

Track compliance progress

Filter the list of requirements to track compliance progress.

From the Compliance Maps page, complete any of the following tasks:

Each task is listed with its step and what you see:

  • View all applicable requirements across all regulations and standards
    Step: Click Applicable.
    What you see: A list of all applicable requirements, whether or not they have been marked as covered.

  • View requirements that have not been identified as covered
    Step: Click Not covered (Gaps).
    What you see: A list of applicable requirements that have not been identified as covered.

  • View requirements that have been identified as covered
    Step: Click Covered.
    What you see: A list of applicable requirements that have been identified as covered.

  • View requirements that have been specified as not applicable
    Step: Click Not Applicable.
    What you see: A list of all non-applicable requirements.

  • Search for requirements
    Step: Enter a keyword or phrase in the search box.
    What you see: A list of requirements that match your search term or phrase.

  • View summary information about a standard, regulation, or requirement, including:
      • the extent to which it is covered or not covered
      • whether or not it has been identified as covered
      • whether or not it has been associated with at least one control
      • the aggregate number of open issues associated with it
      • the current assurance calculation for a standard, regulation, or requirement
    Step: Consult the Coverage, Covered, Issues, Controls and Assurance columns in the nested tree view.
    What you see:
      • Coverage: The percentage of requirements for a standard or regulation that have been identified as covered. Learn how coverage is calculated.
      • Covered: An indication of whether or not a requirement is covered (based on your identification of the requirement as Covered or Not Covered). Standards and regulations are considered covered when all of their requirements have been identified as covered.
      • Issues: An aggregate issue count associated with each standard or regulation, and with the topmost (root) requirements in the tree. Clicking the issue count link provides a pop-up list of issues. You can click an individual issue to navigate to detailed information.
      • Controls: An icon indicates requirements that have had at least one control mapped to them.
      • Assurance: A calculation that represents your organization's confidence in requirements being met. Learn how compliance assurance is calculated.

Generate a summary report

Demonstrate your organization's compliance progress by generating a summary report.

  1. Click Compliance Summary Report.
  2. Download the Excel report (.xlsx) to your computer.

    Any filters that you apply on the Compliance Maps page are reflected in the report. Each standard/regulation is displayed on a separate worksheet.

    Tip

    Manually created requirements that are indexed alphanumerically in your compliance map may be ordered differently in your Excel report. To achieve the same ordering, you can use the following naming strategy for your requirements:

    • Parent requirement: alphabetical ID

      Example: A1

    • Sub-requirements: alphabetical ID + numerical ID

      Examples: A1-01, A1-02, A1-03