"Unified compliance" is the integration of processes and tools to aggregate and harmonize all compliance requirements applicable to an organization. The defining requirements include the ability to:
- Extract Mandates: Define rules to extract Mandates from Citations within Authority Documents.
- Map Mandates to Common Controls: Map Mandates from all Citations to Common Controls and when necessary create new Common Controls.
- Report Mapping Accuracy: Calculate the percent of match accuracy when tagging Mandates and mapping them to Common Controls.
- Standardize Audits: Leverage a standardized structure for auditing the implementation of the Common Controls.
In order to call an approach unified compliance, an organization’s approach must include all four requirements, and must continue to address these requirements efficiently and accurately as new Authority Documents are published and old Authority Documents are revised. Without these four capabilities, unified compliance can’t take place.
Please sign in to leave a comment.