1. Overview
The Authority Document Register maintains all authority documents with which the organisation is obliged to comply, and ties them to all your compliance requirements.
These are the sources from which compliance obligations are derived. Authority documents can be legislation, regulations, frameworks, and standards that an organisation wants (or needs) to comply with. These can be assigned to individuals for overall monitoring. They can look through the compliance obligations linked to their authority document and review overall compliance and any follow-up actions required. Additionally, you may manage actions relating to the authority document here, for example, preparations for certification audits or compiling compliance reports to regulators where there are mandated reporting requirements.
Examples of authority documents include:
ISO/IEC 27001:2013
NIST 800-53
COBIT 5
Payment Card Industry Security Standards
Data Protection Act 2018 (UK)
Regulation (EU) 2016/679 (General Data Protection Regulation)
Privacy Act 2020 (NZ)
Prudential Standard CPS 232 Business Continuity
For each authority document the following fields will be displayed:
Field | Description |
---|---|
Authority Document Code | A unique code to identify the Authority Document record. This will be auto-generated and non-editable or editable, based on the configuration setup by your administrator. |
Authority Document Title | This is the title of the Authority Document Register. |
Authority Document Type | This is the type of the document, e.g. whether it is a State Legislation or Federal Legislation. |
Responsible Officer | Assign a staff member as the responsible officer for an authority document. The responsible officer will be able to view the document record under their 'My Quick Update' page. |
Priority | The priority of the Authority Document, as defined within the Authority Document details page. This will be indicated using a colour code defined by your administrator. |
Info |
---|
Note: This will be the default register configuration, and an administrator can define the layout of the Registers via Compliance Settings > Register Configuration. |
2. Adding a New Authority Document
All Authority Document requirements the organisation is obliged to comply with can be recorded in the system as they arise. General information such as the Authority Document title and reported date/time can be recorded. Recording can be done by an operational user, or can be restricted to an authorised user such as a compliance manager, depending on the organisational requirement.
To create a record:
STEP 1: Navigate to the Compliance Register and click on the New button at the top-right corner of the window.
Fields | Description |
---|---|
Authority Document Code | A unique ID to identify the Authority Document. This will be auto-generated and non-editable or editable based on the configuration done by your administrator. |
Authority Document Title | This is the title of the Authority Document. |
Description | This will be the description of the Authority Document. |
Reported Date/Time | Provide a date and time on which the Authority Document was realised. |
Categories | Select the category of the Authority Document. |
Reported By | The staff member who reported the Authority Document. |
Responsible Officer | Assign a staff member as the responsible officer for an authority document. The responsible officer will be able to view the document record under their 'My Quick Update' page. |
Authority Document Type | This is the type of the Authority Document. |
Priority | This is the priority selected when creating the Authority Document, and defined under Compliance Settings > Priority by an administrator. |
Severity | The severity of the Authority Document. Severities can be defined by an administrator under Compliance Settings > Severity. |
Info |
---|
Note: The Compliance, Authority Documents and Policies sub-modules within the Camms.Risk Compliance module behave the same way in terms of configurations and end-user behaviour. The above sections are explained using Compliance as a base, but apply to authority document and policy registers in the same manner. |