The Compliance management module in C1Risk enables customers to deliver and sustain year-round compliance with most global regulations and standards.
This article contains the following information:
- Useful tips for Getting Started
- Uploading Existing Data
- Compliance/C1Risk User Roles
- Tips for Navigating the Compliance Module
- Features
Useful Tips for Getting Started
- The GRC Library is used to launch Compliance Management with the relevant obligation (regulation or standard).
- You can download more than 100 obligations from our central GRC Library. If you don’t see the obligation that you are looking for in our central GRC Library, please reach out to C1Risk and our support team will upload it for you. Our standard SLA for uploading new obligations is 7 business days.
- Your compliance dashboard can be found in the GRC Library in the relevant obligation record.
- Your Statement of Applicability report can be exported from the platform from the details section of the obligation.
- Your evidence collection can be fully automated in C1Risk.
- Contact C1Risk for full example sets of internal controls, policies and evidence articles for many obligations, including ISO 27001, SOC 2, PCI, CMMC and more.
- To conduct an internal audit or independent assessment to evaluate your readiness, contact C1Risk for assessment solutions, premium support, and managed service offerings.
Uploading Existing Data
- C1Risk provides Standard and Premium support options for uploading existing control data, evidence request lists, SOC reports, and other relevant data to kickstart the compliance process on the C1 platform. Contact your account manager for more information.
- C1Risk can receive data in .CSV documents for bulk upload. Data upload templates are provided here. Most data can also be bulk-formatted in the platform once uploaded.
- C1Risk has REST API functionality to pull data from or push data to the platform. Contact your account manager for more detailed information on API integration.
C1Risk Compliance Management Roles
C1Risk License Classifications
Administrator |
|
Manager |
|
General User |
|
External Auditor |
|
Read Only |
|
C1Risk Compliance Roles
Compliance Role | Capability | C1Risk License |
Compliance Manager |
| Admin User |
Control Owner |
| Admin User |
Evidence Owner |
| General User |
External Auditor |
|
|
Navigating the Compliance Management Module
The following are some tips to help navigate the compliance module, including "action buttons", filtering data, customization, and general features.
Filters
Filters can be found in the List Views for the GRC Library and Compliance Modules to help navigate and select information or specific records as follows:
Customize the List View
The List View can be customized to restrict or view all data fields, as follows:
Action Buttons
Use the Ellipses button to activate all possible tasks in the list view or record. Available actions will automatically highlight in the drop-down menu.
Compliance Management Features
The following features are available on the C1Risk Platform.
1. Compliance Dashboards
- Dashboards for all obligations
- Controls in scope
- Internal control readiness
- Internal control and evidence request frequency
- Document request status
- Audit observation/finding tracking
- Risk mitigation tracking
2. Crosswalks
- Obligation crosswalks of former to current versions
  - e.g., ISO 27001:2013 > ISO 27001:2022
- Obligation crosswalks (control mapping)
  - e.g., AICPA SOC 2 > ISO 27001
*Crosswalks are created from authoritative sources. For a full list of available crosswalks, contact your account manager or submit a ticket through the C1Risk Training Portal (freshdesk.com).
3. Control Mapping
- Control requirements to policies.
- Control requirements to internal controls.
- Internal controls to policies.
- Internal controls to evidence checklist items.
- Test procedures to control requirements (internal audit).
- Test procedures to internal controls (internal audit).
4. Automated Evidence Collection
- Continuous control monitoring.
- Establish document collection frequency.
- Assign multiple evidence owners.
5. Review options
- Assign multiple reviewers.
- Structured review options:
  - At least one reviewer.
  - Multiple reviewers with single authorization.
  - Multiple reviewers with all authorization in any order.
  - Ordered review (Jack then Jennie then Jane).