HOPEX IT Risk Management : HOPEX IT Risk Management : Using HOPEX IT Risk Management : Managing IT Compliance
   
Managing IT Compliance
 
Building Controls and Control Type Inventories
Links between controls and control types
Linking control types to regulatory requirements
Defining the application scope of the control
Defining Regulatory Requirements to be Met
Identifying Controls on Applications
Direct Control Assessment
Assessing controls directly
Template used to assess controls
Within the framework of managing IT risks, controls are used to ensure compliance.
You can:
document controls relating to applications managed within the regulatory frameworks in force (example: ISO 2700x).
connect these controls to the regulatory requirements to be respected.
*For more details on controls, see “Controls", page 474.
assess the controls directly or via assessment campaigns.
You can, at any time, generate compliance summary reports on the regulation frameworks in force and on the efficiency of the control procedure.
*For more details, see "IT Compliance Reports".