Mapping Solutions to Requirements
Linking Internal Controls, Policies, Projects, etc. to your Compliance Requirements
Introduction
In this episode, we explain how the solutions you have identified are linked to Compliance Requirements. This process is done manually (one by one) or using CSV imports.
Actions
Unlike other modules in eramba, there is no "Add" option on the action menu. The reason for this is that the association between solutions (Internal Controls, Policies, Exceptions, etc.) is done one by one on the existing compliance requirements. For that reason, you need to "edit" each requirement instead of "adding" new items.
Editing the treatment of each compliance requirement will result in solutions being displayed on the filter as shown in the screenshot below.
You can use CSV imports to "bulk" edit all mappings if you wish. You can upload this CSV as many times as you want and the table will simply update with whatever content you push into the system.
Roles
At the time the Compliance Package was created you specified a role that was automatically passed into the Compliance Analysis module. This role is supposed to be the "Expert" for this requirement, the person who understands what the expectation is. This is not necessarily the person who operates the "solutions" for this problem.
You can modify the Owner individually for each requirement in the Compliance Analysis module.
General Tab
When editing compliance requirements you will be presented with several tabs, the first being "General".
The key fields here are:
- Strategy: this is something we have explained in previous episodes, the options presented in this field should have identified it as part of the solution identification process.
- Efficacy: this field is used to subjectively define to what extent the solutions for this requirement address the problem. You might have the feeling that more could be done in order to fully treat a requirement and therefore the efficacy is not %100.
Treatment Tab
The treatment tab is where the "solutions" to your requirement will be selected. As part of the solution identification process, you should know what items you need to choose from your catalogue of Policies, Internal Controls, Exceptions and Projects.
You should have created solutions beforehand for options to be shown on these dropdowns.
Risks Tab
In some scenarios, you might want to associate Risks from the risk module with compliance requirements. This is sometimes needed as part of ISO-related certifications.
Findings
You can also link Compliance Findings to your requirements. After an auditor reviews the extent of your compliance program eventually findings will pop and they can be documented in the Compliance Analysis Finding module.
Playlist
- Episode 1Introduction to Compliance Management3 mins left
- Episode 2Problem vs. Solution Principle5 mins left
- Episode 3Typical Compliance Questions8 mins left
- Episode 4Identify Compliance Requirements3 mins left
- Episode 5Compliance Package Database5 mins left
- Episode 6Uploading Compliance Packages3 mins left
- Episode 7Mapping Compliance Packages4 mins left
- Episode 8Identify Compliance Solutions4 mins left
- Episode 9Mapping Solutions to Requirements2 mins left