Regulatory Frameworks

Regulatory Frameworks are a set of best practice recommendations by organizations like the American Institute of Certified Public Accountants (AICPA) for SOC2, General Services Administration for FedRAMP.

 

TABLE OF CONTENTS

 

My Regulatory Frameworks

  1. Go to Frameworks. 
  2. My Regulatory Frameworks Page provides the user with a list of existing Frameworks and their Mappings' progress.
    jwCam0PcrPwgzCXzq9LLzRVOSJLxWeCHgA.png
     
  3. Using the Actions button, the User can,
    • Start Audit 
    • Refresh Mappings
    • Edit
    • Delete
      E__2NtCGr_8wNonW0stNp9ACxEU63rNw9Q.png
    • Start Audit: 
      • Once the program is 100%  mapped, It's ready for Audit.  Click on Start Audit.
  4. y2YXzmZmLsp2OUDTwhKF1LsUeqFUMYyUWQ.png
    • Check the program name and provide the program owner (Secondary Owner if needed). Click Create Program.
    • The program is ready for an audit and sent for review to the Auditor and is available to check its status on the Audit Page.    

Add Regulatory Framework

 

  1. Go to Frameworks.
  2. Click on Add Regulatory Framework
    YdPaks3nWCBEMJBv2zPDRMRhokuIRviD5Q.png
  3. Choose a Framework and click Start, which takes you to an Import screen, and click Start Import.
  4. Review the imported Framework in the Frameworks Page.
    f1O_uvlZR3JciAAfhzR_6Jq0qrxHR5-9Xg.png

View Regulatory Frameworks

  1. Go to Frameworks. 
  2. Click on a specific program to view the readiness and its mapping. 
    • Requirements
    • Action items
    • Controls
    • Reports
    • Documents        
mTZZCcAP_hfw-2RDyhefAHLzU-0xcbK86g.png
  • Requirements: 
    • Requirements that belong to different categories ( Security, Privacy, Processing Integrity, Availability, and Confidentiality) are available with the Mapped Controls and open Data requests.
    • Requirements can be filtered using, 
      • Search Requirements - Search through Name.
      • Mapped Controls - Mapped / Not Mapped.
      • Status - Not Ready / Ready for Review / Review Compleated / Audited.
      • Scope - In Scope / Out of Scope.
xAGiR6JXcauKmyVkg2lsk4BB_lvL50lzsw.png

 

  • Action Items: A list of Open Action items are available to create/view/ update/ delete.
m56TN2XYfEssI4OkMwzO2w9tMLawK8SS_Q.png
  • Mapped Controls: The number of mapped controls to the requirements and their statuses are available.             
NhMheQN_6Kh-1x7aJ4_DMCOgxTaV_hI--A.png

 

  • Reports: Generated reports are available to view/download; the Reports can be generated using Generate Report.
qmOdhWYxrIFVRFJkNm2utuo5OwhR62DsmQ.png

 

  • Documents: All the attached documents of the framework are visible here.                                                                                                                 
    XaUT9ZEn91fTvux4xPyP03VZzMInXZ_S6Q.png

 

Update Regulatory Frameworks

  1. Go to Frameworks. 
  2. Click on a Requirements to view the controls mapped (shown in green), and the number of controls required to be mapped (shown in red) for each requirement are available.          
rGL6-YcThRk3EWztdtHRswzNy06JSYcjwQ.png

         

  • Click on the requirement that needs to be updated, and the user can update/view the mapped controls to the requirement.
zDqfMiSC_YO0rEnUSaG1j-uHcodmN8Q_mQ.png

 

  • Below screens help the user to understand more about the control through the description and allows the user to view/update as required.
LxM1yyjjgCxllidBypU_YUaWbCvNFABYlA.png
W6V1DuyVy_jyyytfT3-icfjRvPujSS-lmw.png

 

  • Go back to the Requirements page to view the updated Requirement.