The minimum definition of a compliance framework
Let’s start with the definition of framework (that applies here, as opposed to creating an actual building); a basic structure underlying a system, concept, or text. So, a framework is a structure, a schema, method of organization and configuration to accomplish something.
When dealing with compliance frameworks, that structure and schema focus on the aggregation of compliance rules, first and foremost. Once identification and harmonization are complete, those requirements need a structure for integration into the organization’s processes as well. Therefore, we can define compliance frameworks as such:
A compliance framework is a structured set of guidelines to aggregate and harmonize, then integrate, all compliance requirements applicable to an organization.
In other words, a compliance framework is a methodology for compiling multiple authority documents into a cohesive whole.
It provides a structure for identifying Mandates within Citations.
It provides a structure and methodology for harmonization.
It provides the structure and proof to support the veracity of the identification and harmonization.
These are the defining requirements:
| 1 Identify Mandates |
1a Provide a structure for identifying source documents.
1b Provide a structure for identifying Citations within those documents.
1c Provide a structure for identifying Mandates within Citations.
1d Provide a structure for linking a Mandate’s predicates and subjects to their situational definitions. |
| 2 Map Mandates to like Mandates or a reference control |
2 Provide a structure for measuring correlation between Mandates or a reference control. |
| 3 Provide proof of identification and mapping |
3a Provide the necessary data structures such as JSON-LD for encoding the tagging, dictionary linking, harmonization, and audit trails for change management that are machine readable.
3b Embed data structures and subsequent data into the identification and harmonization of each record. |
