Policy and Compliance

ZubairQ
Mega Contributor

yesterday

Automate and manage policy lifecycles and continuously monitor for compliance.

The Policy and Compliance Management product provides a centralized process for creating and managing policies, standards, and internal control procedures.

It involves creating, implementing, and enforcing policies and procedures that ensure compliance with applicable laws, regulations, and industry standards.

 

  1. What is Entity Type?
  •  An entity type is a category or classification of entities based on their characteristics or attributes.

For example, the entity type "vendor" could be further categorized into "domestic vendor" or "international vendor."

 

  1. Entity Class:
  • An entity class is a group of entities that share common characteristics or attributes.

For example, all the vendors supply raw materials to a particular manufacturing plant.

 

  1. Entity Tier:
  • When you create entity tiers, you apply a level to the entity class. This level applies to all the entities in those entity classes.

 

  1. Entity Scoping:
  • Entity scoping refers to the process of defining the boundaries of an entity or group of entities that are being managed within the GRC system.

 

  1. Control Objectives:
  • It is an object, direction, or standard that is used to manage control activities.

 

  1. Life Cycle of Policy:
  • Dreft ==> Review ==> Awaiting Approval ==> Published ==> Retired.

 

  1. What is a Compliance Score?
  • After creating the appropriate mappings from Policy to control objective to control. The system automatically calculates the compliance score Percentage based on the number of controls that are compliant versus non-compliant.

 

  1. What is Control?
  • It is the Implementation of control objectives for a scoped entity. Once an entity type is associated with a control objective, controls are generated for each entity in the entity type.

 

  1. Control Lifecycle:
  • Draft ==> Attest ==> Review ==> Monitor ==> Retired

 

  1. What is Policy?
  • It defines an internal practice that an organization or business process must follow.

 

  1. Policy Exception:
  • It provides organizations with flexibility and the ability to manage exceptional situations without compromising compliance or control.

 

  1. Life cycle of policy exception:
  •  New ==> Analyze ==> Review ==> Awaiting Approval ==> Approved ==> Closed

 

  1. Policy and compliance integrator:
  •  The application provides a common framework so that your content providers can push their content into the GRC application.

 

  1. Control Issues:
  •  These are automatically created. When a control attestation is completed, indicating the control is not implemented.

 

  1. Control Test Issues:
  • Control test issues are automatically created when a control test is closed completely, with the control effectiveness set to ineffective.

 

  1. Remediation Tasks:
  • It is a task that needs to be completed in order to resolve an issue. If the Remediation Task is open, then the issue cannot be closed.

 

  1. Citation:
  • The citation contains provisions of authority documents, which can be interrelated. It breakdown an authority documents into manageable themes. You can create citations or import from UCF.
0 Helpfuls
  • 10 Views
0 REPLIES 0