Compliance Management

Learn how to do ISO 27001, PCI-DSS, NIST, SOC2 or any other compliance requirement with eramba

  • Episodes: 9
  • Duration: 38m 17s
  • Languages: EN
Episode 6

Uploading Compliance Packages

Uploading and maintaining Compliance Packages

Introduction

You manage your library of Compliance Packages under "Compliance Management" > "Compliance Packages". Here you can upload, update and optionally map them. There are three "Tabs" in this module:

  • Compliance Packages: upload packages using CSV imports
  • Compliance Package Items: add, edit and delete the rows that make a compliance package (every row in the CSV for a compliance package is a "Compliance Package Item")
  • Compliance Mappings: optionally map compliance package items to one another

Changes made here will be automatically reflected on "Compliance Management" > "Compliance Analysis" where the actual mapping between Compliance Requirements and their treatment (Policies, Internal Controls, Exceptions, Projects etc.) takes place.

Uploading

To upload a compliance package, go to "Compliance Management" > "Compliance Packages", click on "Add" and complete the form. Some fields are mandatory and some are optional.

The users you set in the "owners" fields will automatically have access to this package (at "Compliance Management" > "Compliance Analysis"). You can adjust these settings by adding or removing users and groups at any time.

Once the compliance package is created, you can import the items into the package by going to "Compliance Management" > "Compliance Packages" and clicking on "Actions" > "Imports". You can upload your custom-made CSV file or one of our pre-compiled packages.

The import uses our standard import function, so any errors in the CSV file will be shown to you before eramba completes the import.

Package Updates

Packages change over time; some change very often, some don't. When a package changes you have two options:

  • Modify the package you already have in eramba
  • Upload the new version from scratch

The decision is largely dictated by the number of changes to the package. For example, if PCI goes from version 3.2 to 4 and the changelog indicates changes on 10 items (by adding, removing or modifying requirements), it is much better to:

  • Clone the existing package (as a backup of some sort)
  • Edit the cloned package with the 10 modifications
  • Adjust Policies and controls for those 10 requirements

If the changes are large, for example, the ISO 27001 2022 version, then it is best to simply upload a new compliance package and associate Policies, Controls, etc. again as needed.

Editing Packages

If you need to edit the rows inside a compliance package, you can click on the Compliance Package Item shortcut, which takes you to the "Compliance Package Items" section with a filter applied for that package.

Once in the "Compliance Package Items" section, you can edit or delete each row by clicking on the item menu, or add new rows by clicking on "Actions" > "Add".

Cloning Packages

Compliance packages will most likely require an update at some point. For example, if PCI moves from version 3.2.1 to 3.4, they will release a new compliance package which will typically include the changes they made.

The best way to move to 3.4 is first to "Clone" the current version (for example 3.2.1) to a new package called PCI 3.4. This will make an exact copy of the 3.2.1 compliance package, including all its mappings to Controls, Policies, etc., saving the time of having to remap them.

Then you can work with this cloned version in the "Compliance Package Items" section, applying whatever additions, edits and deletions were made between the two versions.

If there are too many changes you might have to create a new compliance package, import the new requirements and map Controls, Policies, etc. again.