Control Assessment by Entity and Regulatory Framework
The assessment template “Control assessment by entity and regulatory framework” enables to assess the organization IT compliance with applicable regulations.
Assessment contexts
Controls are assessed in the context of processes and applications.
The assessed controls are connected to a control directive of a regulatory framework impacting:
• a process directly or indirectly connected to the entity
• an application connected to a process, which is directly or indirectly connected to the entity
Controls are to be selected in the following tree: Regulatory Framework > Control directive > Context (application or process) > Control
Controls can be connected to risks, which are connected to applications or processes.Controls connected to an application non connected to a process are excluded.Prerequisites
Check that you have:
• connected controls to control directives.
• connected controls to processes or applications.
• defined respondents.
• for applications: the application owner
• For processes: the control responsible user
• specified an e-mail for each respondent.
Possible use
This assessment template can bu used with the framework of:
• control assessment campaigns
• multiple direct assessment
Specific reports enable to follow-up the compliance process progress. See IT Regulatory Compliance Reports.