Getting Started with Compliance
There are a couple of ways you can use the Compliance tab: one is for managing compliance with a specific compliance standard such as SOC2, and the other is for measuring compliance with less formal best practices that your organization (or industry specialist) defines.
Generating Best Practices List
The quickest way to get started is to generate a list of best practices using AI.
To do this, go to the Compliance tab. To see this tab, your user must have the "Risk Analyst" flag set to Yes; an admin can change this for you. On that tab, you will see a link at the top to generate a best practices list.
Click that link and a form will pop up where you can enter the type of best practices you want to track.
Then click OK, and it will connect to the AI service to generate a list of best practices. It will generate at least 20. Once complete, these will be displayed in a box in the compliance list.
You can then click that box and edit the list, and also rename the box by clicking Update.
Downloading Frameworks
If you have a specific standard in mind, you can get started by downloading a predefined compliance framework from our library. Our platform provides numerous frameworks to download, and this list is always growing.
If you don't see the framework that you need, you can easily create your own or import it from a spreadsheet.
To get started downloading a framework, go to the Compliance tab (note: you must be a Risk Analyst or admin user to do this).
Here you will see a list of the frameworks you have already installed, if any, along with a link to install a new framework. Click that link to bring up the selection form.
In that form you can select from a variety of different frameworks, such as the SOC2 certification standard, the GDPR privacy standard and a variety of cybersecurity best practices. You can also optionally set the framework to "Keep Live", which means that updates to the framework will be installed automatically in the background. So if a new best practice is added by your vendor, you'll see the new compliance objective appear in your library a few minutes later. Note: an objective won't be updated automatically if you have added evidence to it.
Once you have installed a framework, it'll then be added to the list you see when you click on the Compliance tab. Clicking on the framework will show you the dashboard and list of objectives that you should work on meeting to become compliant.
Note: Once you have provided evidence for meeting all objectives, and the system indicates you are compliant, this may not be sufficient to advertise that you are compliant. That often requires an external auditor to go through a certification process (in the case of SOC2, for example). Several other frameworks are simply best practices and require only an internal audit. Either way, we provide tools to help with the audit process.
Suggestions
Some frameworks that are installed from our website come with suggestions built in. These suggestions appear as text above the objective, and will often have a link to install a policy or procedure. If you click that link, a prompt will pop up asking you to choose where to place the article. Clicking the policy or procedure may ask for additional information (such as term substitutions, e.g. the company name) to complete the policy. You should also verify any pre-defined policy performance thresholds, as well as any risks that it may have installed.