Regulation Frameworks

A regulation framework is a set of directives, compulsory or not, defined by a government in a law, by standard bodies as "best practices" or as an internal policy in an organization.
Accessing the regulation frameworks of the organization
To access the list of regulation frameworks from the Design pane:
1. Select Control & Risks.
2. Click the All regulation frameworks tile.
The list of regulation frameworks for the organization is displayed.

You can import into your repository libraries containing the description of a regulation framework with its associated requirements, risk types, risk factors and control types.

There can also be regulation frameworks internal to the organization serving as a guide to governance. In this documentation, the terms "Regulation" or "regulation framework" are used to refer to both internal and external regulations.
Create a regulation framework
To create a regulation framework from the Design pane:
1. Select Control & Risks > All regulation frameworks.
2. Click the New button.
3. Enter the regulation framework name and click OK.
The new regulation framework appears in the navigator menu tree.
Regulation framework characteristics
To access the general characteristics of a regulation framework:

Open the Characteristics property page of the regulation framework.
The characteristics are as follows:
• The Regulation Code, which is internal
• Regulation Scope, which can be international, local, a country or group of countries, etc.
• Regulation Date, open-ended text that specifies the year or application period of the regulation
• Application Begin Date of the regulation
• Application End Date of the regulation
• Regulation Status

The Regulation Status appears grayed and cannot be modified since it is managed by the workflow associated with the regulation framework. For more information, see HOPEX Internal Control.
• The date of the Last Update of the regulation.
Regulation framework classifications
To access the classifications of a regulation framework:

Open the Classifications property page of a regulation framework and select a classification from among the following:

A risk type defines a risk typology standardized within the context of an organization.

If you select Risk Types, the list of risk types associated with the regulation framework appears.

A risk factor is an element which contributes to the occurrence of a risk or which triggers a risk. Several risks can originate from the same risk factor. Examples: the use of a hazardous chemical product, the complexity of an application, the size of a project, the number of involved parties, the use of a new technology, the lack of quality assurance, the lack of rigor in requirements definition…

A control type allows the classification of controls implemented in a company in accordance with regulatory or domain specific standards (Cobit, etc.).
Regulation framework requirements
To access the requirements of a regulation framework:

Open the Requirements property page of the regulation framework that interests you.

A requirement is a need or expectation explicitly expressed, imposed as a constraint to be respected within the context of a project. This project can be a certification project, or an enterprise information system organization or modification project.
Control systems of a regulation framework
To access the Control systems of a regulation framework:

Open the Control systems property page of the control system that interests you.

A control system is a set of controls that ensure risk prevention and management, application of internal operating rules, respect for a law or regulation, or work towards achievement of an objective as defined by company strategy. Examples: quality control system, control system relating to IT and Privacy, management control system, internal audit system.