Authority Document Register

1. Overview

The Authority Document Register maintains all authority documents with which the organisation is obliged to comply, and ties them to your compliance requirements.

These are the sources from which compliance obligations are derived. Authority documents can be legislation, regulations, frameworks, and standards that an organisation wants (or needs) to comply with. These can be assigned to individuals for overall monitoring. They can look through the compliance obligations linked to their authority document to review overall compliance and any follow-up actions required. Additionally, you may manage actions related to the authority document here, for example, preparations for certification audits or compiling compliance reports to regulators where there are mandated reporting requirements.

Examples of authority documents include:

  • ISO/IEC 27001:2013

  • NIST 800-53 

  • COBIT 5

  • Payment Card Industry Security Standards

  • Data Protection Act 2018 (UK) 

  • Regulation (EU) 2016/679 (General Data Protection Regulation)

  • Privacy Act 2020 (NZ) 

  • Prudential Standard CPS 232 Business Continuity

Figure 1.1

For each authority document the following fields will be displayed:

| Field | Description |
|---|---|
| Authority Document Code | A unique code to identify the Authority Document record. This will be auto-generated, and either editable or non-editable depending on the configuration set up by your administrator. |
| Authority Document Title | This is the title of the Authority Document Register. |
| Authority Document Type | This is the type of the document, for example, whether it is a State Legislation or Federal Legislation. |
| Responsible Officer | Assign a staff member as the responsible officer for an authority document. The responsible officer will be able to view the document record under their 'My Quick Update' page. |
| Priority | The priority of the Authority Document, as defined within the Authority Document details page. This will be indicated using a colour code defined by your administrator. |

Note: This will be the default register configuration, and an administrator can define the layout of the Registers via Compliance Settings > Register Configuration.

2. Adding a New Authority Document

All Authority Document requirements the organisation is obliged to comply with can be recorded in the system as they arise. General information such as the Authority Document title and reported date/time can be recorded. Recording can be done by an operational user, or can be restricted to an authorised user such as a compliance manager, depending on the organisational requirement.

To create a record:

  • STEP 1: Navigate to the Compliance Register and click on the New button at the top-right corner of the window.

Figure 2.1

| Fields | Description |
|---|---|
| Authority Document Code | A unique ID to identify the Authority Document. This will be auto-generated, and either editable or non-editable depending on the configuration done by your administrator. |
| Authority Document Title | This is the title of the Authority Document. |
| Description | This will be the description of the Authority Document. |
| Reported Date/Time | Provide a date and time on which the Authority Document was realised. |
| Categories | Select the category of the Authority Document. |
| Reported By | The staff member who reported the Authority Document. |
| Responsible Officer | Assign a staff member as the responsible officer for an authority document. The responsible officer will be able to view the document record under their 'My Quick Update' page. |
| Authority Document Type | This is the type of the Authority Document. |
| Priority | This is the priority selected when creating the Authority Document, and defined under Compliance Settings > Priority by an administrator. |
| Severity | The severity of the Authority Document. Severities can be defined by an administrator under Compliance Settings > Severity. |

Note: Not all features in the Authority Documents and Policies sub-modules are equivalent to the Compliance features in terms of configurations and end-user behaviour. The above sections are explained using Compliance as a base, but apply to authority document and policy registers in the same manner.