Managing the Compliance Register
 
Concepts Used in the Compliance Register
Accessing the Elements of the Compliance Register
Displaying elements as a list
Displaying control directives in a tree of regulatory frameworks
Displaying business policies in a tree
Viewing Regulatory Frameworks
Accessing regulatory frameworks
Regulatory framework overview & description
Content of a regulatory framework
Viewing Regulation Articles
Accessing regulation articles
Connecting or viewing objects subjected to a regulation article
Enforcement of a regulatory article
Connecting Business Documents
Viewing Control Directives
Accessing control directives
Viewing articles associated to a control directive
Supported and supporting directives
Enforcement level of control directives
Viewing Hopex controls implementing a control directive
Attaching business documents or external references
In the compliance register, internal controllers can manage:
regulations: regulatory frameworks, articles and control directives applicable to the organization.
*If you have regulation frameworks and requirements in your repository and if you want to be able to reuse them in Hopex GRC, see Reusing Regulation Data.
*The compliance register does not display everything that has been imported from UCF. It only displays the regulation articles the compliance officer has declared as applicable after import. For more details, see Defining the Applicable Regulatory Content.
rules that are internal to the organization: business policies
Concepts Used in the Compliance Register
 
HOPEX Concept
Definition
Regulatory framework
A regulatory framework is an authority document falling under any of following categories: regulations (rules of law that, if not followed, can result in penalties), guidelines, standards, best practices.
Article (of regulatory framework)
An article is a citation from a regulatory framework and is usually associated to a mandated control directive.
Section (of regulatory framework)
A section is a citation from a regulatory framework without any mandated control directive, but containing other sections or articles.
Control directive
Control directives are an interpretation of the law and contribute to the enforcement of any regulation article your organization has to comply with.
Policy framework
A policy framework consists of a number of business policies. Policy frameworks may contain sections.
Business policy
A business policy is an internal document issued by an organization (security measure, best practice, etc.).
Accessing the Elements of the Compliance Register
You can view the elements of the compliance register via different lists and trees.
Displaying elements as a list
Your control directives and business policies can be classified in different lists available from a drop-down menu:
without controls
connected to controls which have never been executed
connected to failed controls
To access these lists:
*In the navigation bar, select Compliance > Relevant Regulations, then:
Control Directives
Business Policies
Columns indicate, for each control directive:
whether the control directive/business policy constrains your organization
the number of implementing controls
To list existing implementing controls or create one:
*Open the properties of a control directive/business policy and use the Enforcement section.
Displaying control directives in a tree of regulatory frameworks
To display control directives in a tree:
*In the navigation bar, select Compliance > Relevant Regulations > Control Objectives > By Regulatory Framework.
This tree enables you to view articles and control directives your organization needs to comply with. It displays:
regulatory frameworks
control directives implementing articles
associated controls
Displaying business policies in a tree
To display business policies:
*In the navigation bar, select Compliance > Relevant Regulations > Business Policies > By Policy Framework.
This tree enables you to view business policies your organization needs to comply with.
It displays:
the number of implementing controls
compliance rate
the control level