Managing the Compliance Register
In the compliance register, internal controllers can manage:
regulations: regulatory frameworks, articles and control directives applicable to the organization.
*If you have regulation frameworks and requirements in your repository and want to reuse them in HOPEX GRC, see Reusing Regulation Data.
*The compliance register does not display everything that has been imported from UCF. It only displays the regulation articles the compliance officer has declared as applicable after import. For further details, see Defining the Applicable Regulatory Content.
rules that are internal to the organization: business policies
Concepts Used in the Compliance Register
HOPEX Concept: Definition
Regulatory framework: A regulatory framework is an authority document falling under any of the following categories: regulations (rules of law that, if not followed, can result in penalties), guidelines, standards, best practices.
Article (of regulatory framework): An article is a citation from a regulatory framework and is usually associated with a mandated control directive.
Section (of regulatory framework): A section is a citation from a regulatory framework without any mandated control directive, but containing other sections or articles.
Control directive: Control directives are an interpretation of the law and contribute to the enforcement of any regulation article your organization has to comply with.
Policy framework: A policy framework consists of a number of business policies. Policy frameworks may contain sections.
Business policy: A business policy is an internal document issued by an organization (security measure, best practice, etc.).
Accessing the Elements of the Compliance Register
You can view the elements of the compliance register via different lists and trees.
Displaying elements as a list
Your control directives and business policies can be classified in different lists available from a drop-down menu:
without controls
connected to controls which have never been executed
connected to failed controls
To access these lists:
*In the navigation bar, select Compliance > Relevant Regulations, then:
Control Directives
Business Policies
Columns indicate, for each control directive/business policy:
whether the control directive/business policy constrains your organization
the number of implementing controls
To list existing implementing controls or create one:
*Open the properties of a control directive/business policy and use the Enforcement section.
Displaying control directives in a tree of regulatory frameworks
To display control directives in a tree:
*In the navigation bar, select Compliance > Relevant Regulations > Control Objectives > By Regulatory Framework.
This tree enables you to view articles and control directives your organization needs to comply with. It displays:
regulatory frameworks
control directives implementing articles
associated controls
Displaying business policies in a tree
To display business policies:
*In the navigation bar, select Compliance > Relevant Regulations > Business Policies > By Policy Framework.
This tree enables you to view business policies your organization needs to comply with.
It displays:
the number of implementing controls
compliance rate
the control level