Introducing a single consolidated operational view, designed to manage real-time compliance and non-compliance.
Table of Contents
- Framework
- View by module, domain, control, or user
- Module view
- Domain view
- Control view
- User view
- Toggle
- Icons
- Scope
- Expand, collapse sections & Non-compliant tooltips
- Universal Side Tray Search
- Universal Side Tray Filter
- Universal Side Tray Favorites
- Resolve non-compliant issues
- Fix path
- Linking artifacts
- Export
- Permissions
Compliance Manager
The Compliance Manager is a single consolidated operational view, designed to manage real-time compliance and non-compliance. It is available to Premium and Enterprise users who have access to the organization activity (instead of targeting admin/site admin, this accounts for all roles).
Framework
Start by selecting a framework; you can select up to five. You can manage each framework in four different views: Module view, Domain view, Control view and User view. Supported frameworks, such as AICPA, will display the Trust Service Criteria selection via checkboxes.
Views
Everything displayed in the four views is smart-tagged to the associated framework.
Module view
This view will display all modules with artifacts linked to the selected framework.
Domain View
This view will display all domains associated with artifacts linked to the selected framework.
Control View
This view lists out all controls associated with artifacts linked to the selected framework.
User View
The User view shows the artifacts associated specifically with that user, helps identify those who are contributing to non-compliance against a particular framework, and lets you initiate a fix path to manage compliance.
In three clicks, send a message to all non-compliant users:
- Select User view
- Click send message
- Send message
The message will be pre-populated, and the [X] will display the non-compliant total unique to each user.
Click fix for a user to open a side tray displaying their total artifacts, compliant or non-compliant. The toggle in the top right will show only non-compliant activities.
To see a user’s profile, click on their name to navigate directly to their profile within the user section in system settings.
Send a message to a user by clicking fix to open the side tray, then click send message. You can edit the pre-populated message and click preview to see how it will look for the user receiving the message.
The fix icons in a user’s list will initiate a fix path once clicked, opening the artifact in a new window.
Toggles
Use the toggles to show non-compliant activities only and to show activities in scope for your framework, which helps pinpoint non-compliance. Changes affect all sections within each view.
Icons
Within the views, there are 3 color-coded bubbles identifying the following totals: number of artifacts (gray), in-scope (blue) and non-compliant (red).
Scope
Darker blue acts as an indicator for controls in scope. To change scope, use the check box, which is available in the Domain and Control views only.
Expand, collapse sections & Non-Compliant Reason
Use expand all or collapse all to open or close multiple sections within a view.
The action required icon indicates non-compliant artifacts. Hover over any red icon that says non-compliant and the Compliance Manager will provide the reason for non-compliance.
Universal Side Tray - Search
The universal side tray search allows you to search the Compliance Manager module per selected framework. The search defaults to the Compliance Manager unless the filter is removed.
Universal Side Tray - Filter
The side tray filters include: Artifact name, Module, In-Scope, Compliant, Domain, User, Department, Control and Location.
In this example, we are filtering for all document artifacts in the document module. Once the filter is set, the changes are visible across all views.
Add multiple filter rules to find exactly what you need.
Universal Side Tray - Favorites
Once a filter has been created and applied, save the view to be stored in your favorites. Favorite views save you time and clicks, getting the information important to you faster.
Resolve non-compliant issues: Fix Path
Take action by clicking fix. The right side tray opens to give you information on the user's selection.
Example: Let’s take a look at the Assets for Framework AICPA SOC 2 (2017).
In the Module view, with the Asset section open, there is one non-compliant asset. This asset is non-compliant because it is associated with an audit, which has an overdue task for this asset.
Click fix to open the side tray, which will display the asset's information (General, Asset Type, Links, Tags, Access Control, and Distribution) and a fix button to initiate the fix path.
Clicking fix opens a new window, displaying the asset. Red color coordination directs the user to take action.
The fix path will open the sub-menu tab, in this case Audits, because the non-compliance for this asset is an overdue audit task. This allows the user to see which audits are non-compliant; the list has been pre-filtered by the fix path.
In this example, 366 audit records are non-compliant. The user takes the last step of the fix path by clicking the Send message button, which opens the side tray and pre-populates a subject and body addressed to non-compliant task owners (with the option to alternatively choose only compliant task owners, or all task owners). Those users are sent an email with a link directing them to this asset task.
The fix path brought the user from asking, “What assets in my SOC 2 are non-compliant?” to sending a message to all non-compliant task owners for an asset in less than six clicks. Previously, a user would need to check each asset for compliance after verifying its relation to the framework and scope.
The fix path provides an intuitive guide to fixing compliance, saving time and clicks by reducing the time a user has to search, and mitigating the risk that a non-compliant fix is missed. Normal navigation in the platform will not show the red fix path.
Linking Artifacts
Link additional artifacts in less than six clicks.
- First, click the link artifact button. In this example, we want to add another artifact to the Assets section in the Module view.
- The side tray opens to display the ability to choose a tag, search for artifacts in the platform and list out artifacts in a response view.
- Select a tag in the choose tag bar, by either scrolling or typing the tag. Multiple tags can be selected at the same time.
- Once the tags are chosen, search to find the desired artifact(s) and select them using the check box in the response view.
- Now that the tags and artifact(s) are chosen, finish linking by clicking on the now activated link button. Adding links is faster in the control view because the control is already selected.
Export
Clicking export saves the view being displayed, including any applied filters, as a CSV or XLSX file.
Permissions
The Compliance Manager roles can be configured within Role Manager.