Compliance Framework Data Management

Establish and organize the essential GRC database by populating custom issue types tailored for GRC processes. This foundational setup prepares your Jira environment for subsequent GRC operations, such as creating controls, testing them, and registering deficiencies.

Introducing Compliance Framework Issue Types

The plugin introduces new GRC-specific issue types to Jira to support your Governance, Risk, and Compliance processes:

  1. Authority Documents: Foundational documents outlining specific guidelines, standards, or requirements.

  2. Compliance Requirements: Specific mandates linked to Authority Documents.

  3. Control Objectives: Goals describing the intent of a compliance action, linked to Compliance Requirements.

  4. Control Templates: Actionable steps or templates fulfilling the Control Objectives. These are used as templates for the automated creation of Controls.

  5. Control Assessment Templates: Questionnaires designed to standardize the assessment approach for controls that originate from the same Control Template. These questionnaires enable users to define varied assessment criteria in the form of questions, along with diverse answering options. Additionally, the questionnaires are equipped with a qualitative scoring model. This model aids in determining the overall assessment result, ensuring a comprehensive evaluation process.

GRC Hierarchy Navigation

The plugin establishes a clear hierarchy among the GRC issue types. This hierarchical design ensures users can trace the linkage from Authority Documents to the more specific Control Templates and Control Assessment Templates.

Compliance framework issue types lifecycle and workflow

These issue types are managed by users assigned to the Compliance Officer role and follow a specific lifecycle, embodied in the workflow:

  1. DRAFT: When an issue is first created, it begins in DRAFT status. During this phase, the issue is described and defined. Upon completion, it is transitioned to REVIEW status.

  2. REVIEW: A Compliance Officer reviews the issue in the REVIEW status. They can either:

    • Return the issue to DRAFT, seeking more details or clarity.

    • Activate the issue by transitioning it to ACTIVE status.

    • Deactivate the issue by transitioning it to INACTIVE status.

Compliance Framework entities typical workflow

Transitions user group membership checks:

  • All workflow transitions can be executed only by members of the Compliance Officer group.
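
The hierarchy and workflow rules above can be checked periodically against exported issue data. The following Python check is an added example, not code from the plugin or its vendor; the export shape (`key`, `type`, `parent`, `status`, `history`) and the sample records are constructed assumptions.

```python
# Child issue type -> required parent type, per the hierarchy on this page.
PARENT_TYPE = {
    "Compliance Requirement": "Authority Document",
    "Control Objective": "Compliance Requirement",
    "Control Template": "Control Objective",
    "Control Assessment Template": "Control Template",
}
# Only the transitions this page describes; anything else is reported for review.
DOCUMENTED = {("DRAFT", "REVIEW"), ("REVIEW", "DRAFT"),
              ("REVIEW", "ACTIVE"), ("REVIEW", "INACTIVE")}
OFFICER_GROUP = "Compliance Officer"


def audit(issues, group_members):
    """Return sorted (issue_key, finding) tuples for a list of issue dicts."""
    by_key = {i["key"]: i for i in issues}
    officers = group_members.get(OFFICER_GROUP, set())
    findings = []
    for issue in issues:
        want = PARENT_TYPE.get(issue["type"])
        parent = by_key.get(issue.get("parent"))
        if want and parent is None:
            findings.append((issue["key"], f"no linked {want}"))
        elif want and parent["type"] != want:
            findings.append((issue["key"], f"parent is {parent['type']}, expected {want}"))
        status = "DRAFT"  # every issue starts in DRAFT
        for actor, target in issue.get("history", []):  # assumed (user, new status) pairs
            if (status, target) not in DOCUMENTED:
                findings.append((issue["key"], f"undocumented transition {status}->{target}"))
            if actor not in officers:
                findings.append((issue["key"], f"{target} set by non-officer {actor}"))
            status = target
    return sorted(findings)


# Constructed sample data (hypothetical keys and users, not from the plugin).
GROUPS = {"Compliance Officer": {"alice"}}
ISSUES = [
    {"key": "GRC-1", "type": "Authority Document", "parent": None, "status": "ACTIVE",
     "history": [("alice", "REVIEW"), ("alice", "ACTIVE")]},
    {"key": "GRC-2", "type": "Compliance Requirement", "parent": "GRC-1", "status": "REVIEW",
     "history": [("bob", "REVIEW")]},
    {"key": "GRC-3", "type": "Control Template", "parent": "GRC-2", "status": "ACTIVE",
     "history": [("alice", "ACTIVE")]},
    {"key": "GRC-4", "type": "Control Objective", "parent": None, "status": "DRAFT", "history": []},
]
```

Calling `audit(ISSUES, GROUPS)` on the sample flags the transition made by a user outside the group, the Control Template linked to the wrong parent type, the transition that skipped REVIEW, and the unlinked Control Objective.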

Issue screens

For the compliance framework issue types, the Jira issue screens have been modified to show a list of associated child entities and to provide the functionality to create and link new child entities.

Authority Document issue screen

  • View Linked Compliance Requirements: A section dedicated to displaying linked Compliance Requirements.

  • Add Compliance Requirements:

    1. Click "Add Compliance Requirement".

    2. Fill in the mandatory fields on the "Create Issue" screen.

    3. The new Compliance Requirement will auto-link to the Authority Document and appear in the list.

Authority Document screen

Compliance Requirement issue screen

  • View Linked Control Objectives: A section dedicated to displaying linked Control Objectives.

  • Add Control Objective:

    1. Click "Add Control Objective".

    2. Fill in the mandatory fields on the "Create Issue" screen.

    3. The new Control Objective will auto-link to the Compliance Requirement and appear in the list.

Compliance Requirement screen

Control Objective issue screen

  • View Linked Control Templates: A section dedicated to displaying linked Control Templates.

  • Add Control Template:

    1. Click "Add Control Template".

    2. Fill in the mandatory fields on the "Create Issue" screen.

    3. The new Control Template will auto-link to the Control Objective and appear in the list.

Control Objective screen

Control Template issue screen

  • View Linked Control Assessment Templates: A section dedicated to displaying linked Control Assessment Templates.

  • Add Control Assessment Template:

    1. Click "Add Control Assessment Template".

    2. Fill in the mandatory fields on the "Create Issue" screen.

    3. The new Control Assessment Template will auto-link to the Control Template and appear in the list.

    4. Follow the created issue link and design the assessment questionnaire.

Control Template screen

Control Assessment Template issue screen

  • Design assessment questionnaire:

    1. On the General Settings tab, enable scoring functionality.

      1. Select calculation method

      2. Define assessment score transformation

    2. On the Assessment Criteria tab:

      1. Add criteria (questions)

      2. Add groups of criteria

      3. Configure answer types and options

      4. Configure criteria mandatory settings

      5. Clone criteria

      6. Save criteria to Assessment Criteria Library

Control Assessment Template / General Settings tab
Control Assessment Template / Assessment Criteria tab