The following steps (with videos) demonstrate how to implement the full lifecycle of compliance management on the C1Risk Platform.
0. Setup Milestones
- If you have data to import, work with your customer success manager to import the following data:
- Internal Controls from your tracker or certification reports (SOC2, SOC1, PCI, etc.)
- Evidence items to collect
- Mapping of Evidence and Internal Controls
1. C1Risk GRC Library for Adding Regulations and Standards
- How to add regulations or standards to the C1Risk Platform (4:00)
- Crosswalks (2:00)
- Updating Obligations (1:57)
- How to set up your Compliance Dashboard for audit preparation & continuous compliance monitoring (6:00)
- Select Applicable Controls Requirements for Audit and Compliance (3:57)
- How to write your Statement of Applicability (SOA requirement for ISO, PCI DSS, etc.) (4:32)
- How to create an SOA Report (ISO Requirement) (1:47)
- Set your Audit Period (evidence collection period) in the C1Risk Platform (1:45)
2. Readiness Period Part 1: Policies & Internal Controls
- An overview of Policy Management in C1Risk
- Policy Training Full Workflow
- An overview of Internal Controls in the C1Risk Platform (Design, Effectiveness) (9:00)
- Adding Internal Controls to the C1Risk Platform - All options (5:00)
- Auto-create new Internal Controls from the Control Library (teams without existing Internal Controls) (3:41)
- Option 1: Adding Internal Controls via the Control Library (3:00)
- Option 2: Adding Internal Controls via bulk action (1:53)
- Option 3: Mapping Internal Controls to the Control Library (3:31)
3. Readiness Period Part 2: Evidence Collection
- Bulk Upload an IRL/PBC or Evidence records (2:00)
- Add a new Evidence record to the C1Risk platform (7:00)
- Establishing Evidence Collection Automation (4:57)
- Document Requests: How to establish evidence collection review and approval process (3:36)
- Document Requests: How to view and download approved evidence (during audit) (3:29)
- Document Requests: How to launch evidence collection (5:00)
- Document Requests: How to respond to a document request (5:00)
- Document Requests: How to approve or reject/re-open a Document Request (2:00)
- Why was my Document Request Rejected? (1:54)
- How to request additional evidence (4:00)
- General and Vendor Users: How to access and work from your task list (4:00)
4. Internal Audit
- Internal Audit Overview (9:00)
- Adding Test Procedures for Compliance reports for Internal Controls (4:00)
- Adding Test Results
- Adding Findings to Test Results
5. External Audit in the C1Risk Platform
- On-screen or rolling Audits in the C1Risk Platform (2:57)
- Documentation (Policy, Internal Controls, Evidence) Evaluation (2:50)
- Commentary or requesting additional evidence (2:57)
- How to create findings/observations (3:03)
- Adding Findings during Audit (4:19)
- Evidence download or migration in bulk post-audit
6. Supplemental Compliance Training