Compliance quick start
This quick start is intended for advanced users that want to centralize the documentation of requirements and their mapped controls in Compliance Maps, assess compliance requirements coverage, and report on compliance status in real-time.
Why should I use Compliance Maps?
Compliance Maps enables you to track and map the requirements that matter most, and aggregate testing and issues data across all projects. You can quickly visualize coverage and track regulatory changes to provide boards, regulators, and executive teams with a holistic understanding of your organization’s global compliance posture, and demonstrate an overall compliance assurance score to measure your program's success.
Before you start
To complete this quick start, you must be assigned the Compliance Maps privilege with Read/Write access.
Before you can manage compliance, you need to:
- Set up a framework with controls see Managing controls using frameworks
- Import the framework controls to projects see Importing controls
To aggregate testing results and issues data from projects, you or someone on you team must complete the following tasks:
- Assess the design and effectiveness of controls see Testing controls
- Identify issues see Recording issues
1. Import authoritative documents
- From the Projects homepage, under Planning And Results, click Compliance Maps.
The Compliance Maps page opens.
- Click Manage Standards and Regulations.
- Click Import From Library, select the relevant documents, and confirm the import.
Result The relevant documents, populated with requirements, are imported to the Compliance Map.
2. Rationalize requirements and map controls to requirements
- Click < Back to return to the Compliance Maps page, expand the authoritative document, and click the title of the appropriate requirement.
The Requirement Details side panel opens.
- Next to Applicable, specify whether or not the requirement is applicable to the organization.
- If you selected Yes to Applicable, specify whether or not the requirement is covered by selecting Yes or No next to Covered.
- Optional. Next to Rationale, specify the reason for marking a requirement as applicable / not applicable and covered / not covered.
- Click + Map Controls.
The Framework Controls side panel opens.
- Select the appropriate control(s) and click Done.
- Click Done to close the Requirement Details side panel.
- Repeat steps 1-7 for each requirement.
Result You have rationalized requirements and decided on the level of compliance coverage you want to achieve. Each selected control is mapped to the requirement.
3. Demonstrate compliance progress
- View the summary information on the Compliance Maps page:
- Click Compliance Summary Report.
- Download the Excel report (.xlsx).
Result You have generated a real-time report that communicates the status of various control areas as well as the compliance program's progress as a whole.