Authority Doc - Citation - Policy - Control Objective

dev_K
Tera Contributor

Hi all,

The Authority Doc is a summary of and reference to external legislation/regulation that breaks down into citations, which are smaller parts that describe in detail specific parts of the Authority Doc. The Policy is an adaptation of the regulation and breaks down into control objectives that answer the question: what has to be done to comply with a policy? Is my understanding correct?

Any examples?

1 ACCEPTED SOLUTION

ShafrazMubarak
Giga Guru

Policies are internal to the organization. Usually, all the policy statements that need to be measured in the policy document will be created as control objectives. When creating control objectives under policies, it is the compliance manager's responsibility to map the control objectives to external regulations (specifically, the citations).

Companies use their own templates for Policy Documents. A sample policy may contain sections such as Content and Purpose, Definitions, Controls in Policies, Responsibilities, Revisions and References. Among these sections, the Controls section in the policy is the one to be considered for the control objectives of the policy.