ControlMap

Regulatory Frameworks are a set of best practice recommendations by organizations like the American Institute of Certified Public Accountants (AICPA) for SOC2, General Services Administration for FedRAMP.

TABLE OF CONTENTS

• My Regulatory Frameworks
• Add Regulatory Framework
• View Regulatory Frameworks
• Update Regulatory Frameworks

My Regulatory Frameworks

1. Go to Frameworks. 
2. My Regulatory Frameworks Page provides the user with a list of existing Frameworks and their Mappings' progress. 
3. Using the Actions button, the User can,
   • Start Audit 
   • Refresh Mappings
   • Edit
   • Delete
   • Start Audit: 
     • Once the program is 100%  mapped, It's ready for Audit.  Click on Start Audit.
4. 
   • Check the program name and provide the program owner (Secondary Owner if needed). Click Create Program.
   • The program is ready for an audit and sent for review to the Auditor and is available to check its status on the Audit Page.    

Add Regulatory Framework

1. Go to Frameworks.
2. Click on Add Regulatory Framework
3. Choose a Framework and click Start, which takes you to an Import screen, and click Start Import.
4. Review the imported Framework in the Frameworks Page.

View Regulatory Frameworks

1. Go to Frameworks. 
2. Click on a specific program to view the readiness and its mapping. 
   • Requirements
   • Action items
   • Controls
   • Reports
   • Documents        

• Requirements: 
  • Requirements that belong to different categories ( Security, Privacy, Processing Integrity, Availability, and Confidentiality) are available with the Mapped Controls and open Data requests.
  • Requirements can be filtered using, 
    • Search Requirements - Search through Name.
    • Mapped Controls - Mapped / Not Mapped.
    • Status - Not Ready / Ready for Review / Review Compleated / Audited.
    • Scope - In Scope / Out of Scope.

• Action Items: A list of Open Action items are available to create/view/ update/ delete.

• Mapped Controls: The number of mapped controls to the requirements and their statuses are available.             

• Reports: Generated reports are available to view/download; the Reports can be generated using Generate Report.
  

• Documents: All the attached documents of the framework are visible here.                                                                                                                 

Update Regulatory Frameworks

1. Go to Frameworks. 
2. Click on a Requirements to view the controls mapped (shown in green), and the number of controls required to be mapped (shown in red) for each requirement are available.          

• Click on the requirement that needs to be updated, and the user can update/view the mapped controls to the requirement.

• Below screens help the user to understand more about the control through the description and allows the user to view/update as required.

• Go back to the Requirements page to view the updated Requirement.