General Introduction

Modified on Fri, 14 Jul 2023 at 12:44 PM

The Compliance management module in C1Risk enables customers to deliver and sustain year-round compliance with most global regulations and standards.

This article contains the following information:

Useful tips for Getting Started
Uploading Existing Data
Compliance/C1Risk User Roles
Tips for Navigating the Compliance Module
Features

Useful Tips for Getting Started

The GRC Library is used to launch Compliance Management with the relevant obligation (regulation or standard).

You can download more than 100 obligations from our central GRC Library. If you don’t see the obligation that you are looking for in our central GRC library, please reach out to C1Risk and our support team will upload it for you. Our standard SLA for uploading new obligations is 7 business days.

Your compliance dashboard can be found in the GRC Library in the relevant obligation record.

Your Statement of Applicability report can be exported from the platform from the details section of the obligation.

Your evidence collection can be fully automated in C1Risk

Contact C1Risk for full set examples of internal controls, policies and evidence articles for many of obligations, including ISO 27001, SOC 2, PCI, CMMC and more.

To conduct an internal audit or independent assessment to evaluate your readiness, contact C1Risk for assessment solutions, premium support, and managed service offerings.

Uploading Existing Data

C1Risk provides Standard and Premium support options for uploading existing control data, evidence request lists, SOC reports, and other relevant data to kickstart the compliance process on the C1 platform. Contact your account manager for more information.
C1Risk can receive data in .CSV documents for bulk upload. Data upload templates are provided here. Most data can also be bulk-formatted in the platform once uploaded.
C1Risk has REST API functionality to enable data pull or push data to/from the platform. Contact your account manager for more detailed information on API integration.

C1Risk Compliance Management Roles

C1Risk License Classifications

Administrator	All roles/access Upload Regulations and Standards Set Audit Period Set SOA Map policies, internal controls, evidence Add, manage internal controls Add, edit evidence records Send and Review Document Requests Assign roles
Manager	All roles/access Upload Regulations and Standards Set Audit Period Set SOA Map policies, internal controls, evidence Add, manage internal controls Add, edit evidence records Send and Review Document Requests Assign roles
General User	Limited role Respond to document requests
External Auditor	Access GRC library for requirement, internal control and document request review
Read Only	Limited Access View Compliance Dashboard

C1Risk Compliance Roles

Compliance Role	Capability	C1Risk License
Compliance Manager	All Compliance Roles View Dashboards Comment Set Audit Period Map Controls Launch Evidence Requests Respond to Evidence Requests Review Submitted Evidence Create Findings Submit Finding Risk Mitigation Review Risk Mitigation	Admin User
Control Owner	Comment Manage Internal Controls Launch Evidence Requests Respond to Evidence Requests Review Submitted Evidence Create Findings Submit Risk Mitigation Review Risk Mitigation	Admin User
Evidence Owner	Respond to Evidence Requests Review Submitted Evidence Comment Submit Finding Risk Mitigation	General User
External Auditor	View Dashboards View Control Library View Internal Controls View Evidence Comment Create Findings

Navigating the Compliance Management Module

The following are some tips to help navigate the compliance module, including "action buttons", filtering data, customization, and general features.

Filters

Filters can be found in the List Views for the GRC Library and Compliance Modules to help navigate and select information or specific records as follows:

Customize the List View

The List View can be customized to restrict or view all data fields, as follows:

Action Buttons

Use the Ellipses button to activate all possible tasks in the list view or record. Available actions will automatically highlight in the drop-down menu.

Compliance Management Features

The following features are available on the C1Risk Platform.

1. Compliance Dashboards

Dashboards for all obligations
Controls in scope
Internal control readiness
Internal control and evidence request frequency
Document request status
Audit observation/finding tracking
Risk mitigation tracking

2. Crosswalks

Obligation crosswalks of former to current versions
1. (EG ISO 27001:2013 > ISO 27001:2022)
Obligation crosswalks (control mapping)
1. (EG AICPA SOC 2 > ISO 27001)

*Crosswalks are created from authoritative sources. For a full list of available crosswalks, contact your account manager or submit a request: Submit a ticket : C1Risk Training Portal (freshdesk.com)

3. Control Mapping

Control requirements to policies.
Control requirements to internal controls.
Internal controls to policies.
Internal controls to evidence checklist items.
Test procedures to control requirements (internal audit).
Test procedures to internal controls (internal audit).

4. Automated Evidence Collection

Continuous control monitoring.
Establish document collection frequency.
Assign multiple evidence owners.

5. Review options

Assign multiple reviewers.
Structured review options
1. At least one reviewer.
2. Multiple reviewers with single authorization
3. Multiple reviewers with all authorization in any order
4. Ordered review (Jack then Jennie then Jane)