Managing the Compliance Register
In the compliance register, internal controllers can manage:
• regulations: regulatory frameworks, articles and control directives applicable to the organization.
If you have regulation frameworks and requirements in your repository and if you want to be able to reuse them in HOPEX IRM, see Reusing Regulation Data.The compliance register does not display everything that has been imported from UCF. It only displays the regulation articles the compliance officer has declared as applicable after import. For more details, see Defining the Applicable Regulatory Content.• rules that are internal to the organization: business policies
Concepts Used in the Compliance Register
|
HOPEX Concept
|
Definition
|
|---|---|
|
Regulatory framework
|
A regulatory framework is an authority document falling under any of following categories: regulations (rules of law that, if not followed, can result in penalties), guidelines, standards, best practices.
|
|
Article (of regulatory framework)
|
An article is a citation from a regulatory framework and is usually associated to a mandated control directive.
|
|
Section (of regulatory framework)
|
A section is a citation from a regulatory framework without any mandated control directive, but containing other sections or articles.
|
|
Control directive
|
Control directives are an interpretation of the law and contribute to the enforcement of any regulation article your organization has to comply with.
|
|
Policy framework
|
A policy framework consists of a number of business policies. Policy frameworks may contain sections.
|
|
Business policy
|
A business policy is an internal document issued by an organization (security measure, best practice, etc.).
|
Accessing the Elements of the Compliance Register
You can view the elements of the compliance register via different lists and trees.
Displaying elements as a list
Your control directives and business policies can be classified in different lists available from a drop-down menu:
• All control directives / business policies
• Control directives/business policies without controls
• Control directives/business policies with controls never executed
• Control directives/business policies with deficient controls
To access these lists:
In the navigation menu, select Registers > Compliance.• All control directives
• All business policies
Columns indicate, for each control directive:
• whether the control directive/business policy constrains your organization
• the number of implementing controls
To list existing implementing controls or create one:
Open the properties of a control directive/business policy and use the Enforcement section.Displaying control directives in a tree of regulatory frameworks
To display control directives in a tree:
From the navigation menu, select Registers > Compliance > By Regulatory Framework.This tree enables you to view articles and control directives your organization needs to comply with. It displays:
• regulatory frameworks
• control directives implementing articles
• associated controls
Displaying business policies in a tree
To display control directives in a tree:
In the navigation menu, select Registers > Compliance > By Policy Framework.This tree enables you to view business policies your organization needs to comply with.
It displays:
• the number of implementing controls
• compliance rate
• the control level