The quickest way to get started is by downloading a predefined compliance framework. Staff.Wiki provides numerous frameworks to download, and this list is always growing.
If you don't see the framework that you need, you can easily create your own or import it from a spreadsheet.
To get started, go to the Compliance tab (note: you must be a Risk Analyst or admin user to do this).
Here you will see a list of the frameworks you have already installed, if any. But you'll also see a link to install a new framework. Click that to bring up the selection form.
In that form you can select from a variety of different frameworks, such as the SOC2 certification standard, GDPR privacy standard and a variety of cybersecurity best practices.
Once you have installed a framework, it'll then be added to the list you see when you click on the Compliance tab. Clicking on the framework will show you the dashboard and list of objectives that you should work on meeting to become compliant.
Note: Once you have provided evidence for meeting all objectives, and the system indicates you are compliant, this may not be sufficient to advertise that you are compliant. That often requires an external auditor to go through a certification process (in the case of SOC2, for example). Several other frameworks are simply best practices and require only an internal audit. Either way, we provide tools to help with the audit process.
Some frameworks that are installed from our website will come with suggestions built-in. These suggestions will appear in text above the objective, and will often have a link to install a policy or procedure. If you click that link it will pop-up with a prompt to choose where to place the article. Clicking the policy or procedure may ask for additional information (such as term substitutions, eg. the company name) to complete the policy. You should also verify any policy performance thresholds that are pre-defined, and also any risks that it may have installed.
Up Since 5/16/2022 12:50:47 PM