Having high standards is critical for the success of any organization. Ensuring that your organization complies with those standards is what the Compliance Module in Staff.Wiki is all about.
Note: To access the Compliance tab, you must be marked as a Risk Analyst in the Users tab, which any admin or User Manager can switch on. You must be using the Enterprise Edition to use this feature.
Many industry standards are published: some are best practices, some are required for certain certifications, and some are legal requirements, known as regulations.
We provide several downloadable compliance frameworks that you can use to get started. Alternatively, you can create your own standards for compliance monitoring (or customize an existing best practices framework).
In this section we'll detail how to use the Compliance tab to drive quality and ensure regulatory compliance at your organization.
Before we get started, it's worth familiarizing yourself with some terminology we'll be using:
Usually an industry standard, or a set of requirements or best practices. An example of a compliance framework would be SOC2 or GDPR.
Within a framework there will be a list of objectives. Each of these describes what you need to accomplish, such as ensuring adequate data backups are created.
Objectives can be broken down into individual sub-objectives, also called requirements.
To prove that you have met the given objective, evidence will have to be provided. Each objective can have one or more pieces of evidence, which can just be documentation or links to policies and procedures in your wiki.
An auditor periodically checks over all the evidence provided to ensure that it is adequate to meet the objective. An auditor will often add additional evidence requirements (as sub-objectives), add tasks to evidence to fix it, and, when satisfied, check off that objective as being compliant.
The situation where evidence has been provided to demonstrate meeting an objective. The evidence must be verified by an auditor.