You want to enhance your company’s ineffective processes and sway peers away from using spreadsheets and cross-walking and towards efficiently gathering the evidence you need to actually prove compliance.
Historically, everyone, including Unified Compliance, started out with spreadsheets with columns of regulations, best practices, and frameworks. The Unified Compliance team has lots of information on why cross-walking is a poor use of smart people's time. You already know this. But how do you convince your team?
A build is a collection of customized spreadsheets generated on your request. The contents of a build are based on the Authority Document List you select, and the Common Controls related to it. The sample build contains files that represent a very small subset of what you would receive if you created your own custom set of Common Controls with the Common Controls Hub. Just email firstname.lastname@example.org with your sample build request.
Show your colleagues that audit fatigue could be lessened by harmonizing compliance controls automatically instead of defending the same controls over and over again with manual cross-walking. Whether you call it unifying, harmonizing, or cross-walking — the idea is the same; comply once and attest to compliance for multiple regulatory guidelines.
Show them that when the evidence collection process is automated across multiple regulations, frameworks, standards, best practices and policies, with metadata to assert the methodology, it improves efficiency and accuracy and cuts everyone’s workload in half. Then you will truly be upping your organization’s compliance game.
The most frequent use case for the CCH (and the underlying Unified Compliance Framework) is compliance gap identification and closure. Most organizations have an internal control framework to address all of their compliance requirements. By mapping your control framework with either the UCF Mapper or Unified Compliance Professional Services, you can complete a quantitative analysis to identify and close gaps.
Here is an overview of the required steps:
Once your controls are mapped to the Common Controls, the mapping is available privately to your organization. The most common use case is gap identification and prioritization. The steps are as follows:
Results: Based on the ranking and number of citation references, each Common Control will get a score of importance.
The criteria are based on the following for both Steps 2 and 3:
In your analysis, you will use the Build spreadsheet of Controls with all the Citations References from your controls and Authority Documents within your scope. You will also use the documents themselves and the associated Authority Document In-Depth reports that have the color-coded tagged mandates. These will have the Citation content associated with the Citation References.
Once the Common Controls are ranked, you can set your priorities. You will leverage the Common Control child, parent, and sibling relationships to determine how large the gap is. A covered sibling may be similar enough to close the gap. A covered parent may mean the gap is being carried out but not documented. Finally, a covered child will mean only a partial gap for a parent Common Control.
The final opportunity to close gaps is when more than one of your controls is mapped to a single Common Control. You move your other control to a gap Common Control. Now you have addressed two Common Controls.
Do a presentation on how the team is improving your time to map and the quality of your mapping.
As always, feel free to reach out to us on any Unified Compliance topic or better yet – how about a demo?