The compliance management menu consists of the following register types, which will let you view, search/filter, add, and manage compliances in your organisation.
- Compliance Obligations Register
- Authority Document Register
- Policy Register
If your organisation has configured any additional registers, these will be listed in this menu too.
You can access Compliance Registers via the left-hand navigation panel too.
The Compliance Obligations Register will display all the compliances recorded in the system, and will provide a high-level overview of their status.
This area is the central point for organisations to manage the individual obligations that they need to comply with. These obligations may arise from different authority documents, but all are aspects of compliance that the organisation is striving to achieve. Individual compliance obligations can be broken down into sub-obligations where relevant. Obligations can be assigned to individuals who are responsible for ensuring compliance, rated to indicate the current level of compliance, reviewed regularly (on a set frequency), and have actions formulated to increase or maintain compliance.
For example, maintaining a robust asset management process is a critical requirement of multiple cybersecurity frameworks (NIST, ISO 27001, COBIT 5, etc.). It can therefore be a compliance obligation in this register, assigned to a suitable individual (e.g. Head of IT or Infrastructure Manager). It can additionally be broken down into sub-obligations: for example, maintaining a ‘device and system inventory’ and an ‘external systems catalogue’ can be part of the broader asset management process. These may need to be assigned to different individuals, which makes management of the parent obligation easier.
For each compliance, the following fields will be displayed:
A code is provided within the compliance details page.
This will be the title of the compliance.
This will be the type of the compliance, as recorded within the compliance details page, using the ‘Module’ filter.
The staff member or point of contact that the compliance is assigned to, via the compliance details page.
This is the status of the compliance: Pending Review, Due for Review, Non Compliant, Partially Compliant, Fully Compliant, or Non Applicable.
|Priority||This is the priority selected when creating the compliance record, and defined under Compliance Settings > Priority.|
Note: This will be the default register configuration. However, an administrator can define the layout of a register, via Settings > Register Configuration.
The 'Filter' button at the top-right corner of the window will let you search and filter specific data. You can configure which fields are available as filters under Compliance Settings > Register Configuration > [select compliance object] > [set Searchable to 'true' in the field table].
Filter records by a compliance code provided within the compliance details page.
Filter records by a compliance title.
Filter records by a multi-select list of compliance types.
Filter records by a multi-select list of staff members set as a responsible officer.
Filter records by a multi-select list of compliance statuses.
|Priority||Filter records by a multi-select list of compliance priorities.|
Filter records by a multi-select list of categories.
Filter records by a multi-select list of review frequencies.
|Register View||Filter by parent and child compliance obligation records.|
Save as Default
Select this checkbox to save your search criteria as a default template for your login credentials. This will be saved for you each time you access the compliance register.