Regulations
Regulations to be considered can be:
• financial (SOX, LSF)
• sectoral (Basel II, Solvency II, Seveso II)
• linked to the protection of persons, for example.

A regulation or policy is a set of directives, compulsory or not, defined by a government in a law, by standards bodies as "best practices", or as an internal policy in an organization.

An organization can also have internal policies that serve as a guide to governance.

In this documentation, the term "Regulation" is used, whether it relates to an internal or an external regulation.
Accessing organization regulations
To access the list of regulations:

In the Environment desktop, select Regulatory Environment > Regulations.
The list of organization regulations is displayed.
Regulation Characteristics
To access general characteristics of a regulation:

In the page listing regulations, select the one that interests you and click Properties.
You can consult or modify the characteristics of the regulation:
• Regulation Code
• Application Begin Date of the regulation
• Application End Date of the regulation
You can also:
• specify RACI elements: see RACI.
• define regulation scope:
• Requirement

A requirement is a need or expectation explicitly expressed, imposed as a constraint to be met within the context of a project. This project can be a certification project or an organizational project or an information system project.
• Risk types

A risk type defines a risk typology standardized within the context of an organization.
• Risk factors

A risk factor is an element which contributes to the occurrence of a risk or which triggers a risk. Several risks can originate from the same risk factor. Examples: the use of a hazardous chemical product, the complexity of an application, the size of a project, the number of involved parties, the use of a new technology, the lack of quality assurance, the lack of rigor in requirement definition, etc.
• Risk consequences

A risk consequence can be positive or negative. It is associated with a type, which enables its characterization, for example: image, environment, employees.
• Control systems

A control system is a set of controls that ensure risk prevention and management, application of internal operating rules, and respect for a law or regulation, or that work towards achievement of an objective as defined by company strategy. Examples: quality control system, management control system, internal audit system.
• Business lines

A business line is a skill or grouping of skills of interest for the enterprise. It corresponds for example to major product segments, to distribution channels or to business activities.
• Business and organizational processes

A business process represents a system that offers products or services to an internal or external client of the company or organization. At the higher levels, a business process represents a structure and a categorization of the business. It can be broken down into other processes. The link with organizational processes will describe the real implementation of the business process in the organization. A business process can also be detailed by a functional view.

An organizational process describes how to implement all or part of the process required to make a product or handle a flow.
• Sub-regulations: within the HOPEX IT Risk Management framework.