General Introduction

Modified on Fri, 14 Jul, 2023 at 12:44 PM

The Compliance management module in C1Risk enables customers to deliver and sustain year-round compliance with most global regulations and standards. 

This article contains the following information:

  1. Useful tips for Getting Started
  2. Uploading Existing Data
  3. Compliance/C1Risk User Roles
  4. Tips for Navigating the Compliance Module
  5. Features


Useful Tips for Getting Started

 

  • The GRC Library is used to launch Compliance Management with the relevant obligation (regulation or standard).
  • You can download more than 100 obligations from our central GRC Library. If you don’t see the obligation that you are looking for in our central GRC Library, please reach out to C1Risk and our support team will upload it for you. Our standard SLA for uploading new obligations is 7 business days.
  • Your compliance dashboard can be found in the GRC Library in the relevant obligation record.
  • Your Statement of Applicability report can be exported from the platform from the details section of the obligation.
  • Your evidence collection can be fully automated in C1Risk.
  • Contact C1Risk for full sets of example internal controls, policies and evidence articles for many obligations, including ISO 27001, SOC 2, PCI, CMMC and more.
  • To conduct an internal audit or independent assessment to evaluate your readiness, contact C1Risk for assessment solutions, premium support, and managed service offerings.

 

Uploading Existing Data

  • C1Risk provides Standard and Premium support options for uploading existing control data, evidence request lists, SOC reports, and other relevant data to kickstart the compliance process on the C1 platform. Contact your account manager for more information.
  • C1Risk can receive data in .CSV documents for bulk upload. Data upload templates are provided here. Most data can also be bulk-formatted in the platform once uploaded.
  • C1Risk has REST API functionality to pull data from or push data to the platform. Contact your account manager for more detailed information on API integration.

 

C1Risk Compliance Management Roles

C1Risk License Classifications

Administrator

  • All roles/access
  • Upload Regulations and Standards
  • Set Audit Period
  • Set SOA
  • Map policies, internal controls, evidence
  • Add, manage internal controls
  • Add, edit evidence records
  • Send and Review Document Requests
  • Assign roles

Manager

  • All roles/access
  • Upload Regulations and Standards
  • Set Audit Period
  • Set SOA
  • Map policies, internal controls, evidence
  • Add, manage internal controls
  • Add, edit evidence records
  • Send and Review Document Requests
  • Assign roles

General User

  1. Limited role
  2. Respond to document requests

External Auditor

  1. Access GRC library for requirement, internal control and document request review

Read Only

  • Limited Access
  • View Compliance Dashboard

 

 

C1Risk Compliance Roles

Each compliance role is listed with its capabilities and the C1Risk license it is associated with.

Compliance Manager (C1Risk License: Admin User)

  • All Compliance Roles
  • View Dashboards
  • Comment
  • Set Audit Period
  • Map Controls
  • Launch Evidence Requests
  • Respond to Evidence Requests
  • Review Submitted Evidence
  • Create Findings
  • Submit Finding Risk Mitigation
  • Review Risk Mitigation

Control Owner (C1Risk License: Admin User)

  • Comment
  • Manage Internal Controls
  • Launch Evidence Requests
  • Respond to Evidence Requests
  • Review Submitted Evidence
  • Create Findings
  • Submit Risk Mitigation
  • Review Risk Mitigation

Evidence Owner (C1Risk License: General User)

  • Respond to Evidence Requests
  • Review Submitted Evidence
  • Comment
  • Submit Finding Risk Mitigation

External Auditor

  • View Dashboards
  • View Control Library
  • View Internal Controls
  • View Evidence
  • Comment
  • Create Findings


Navigating the Compliance Management Module

The following are some tips to help navigate the compliance module, including "action buttons", filtering data, customization, and general features.


Filters

Filters can be found in the List Views for the GRC Library and Compliance Modules to help navigate and select information or specific records as follows:

 

 

Customize the List View

The List View can be customized to restrict or view all data fields, as follows:


 

 

Action Buttons

Use the Ellipses button to activate all possible tasks in the list view or record. Available actions will automatically highlight in the drop-down menu.

 

Compliance Management Features

The following features are available on the C1Risk Platform. 


1. Compliance Dashboards

  1. Dashboards for all obligations
  2. Controls in scope
  3. Internal control readiness
  4. Internal control and evidence request frequency
  5. Document request status
  6. Audit observation/finding tracking
  7. Risk mitigation tracking

 

2. Crosswalks

  1. Obligation crosswalks of former to current versions
    1. (e.g., ISO 27001:2013 > ISO 27001:2022)
  2. Obligation crosswalks (control mapping)
    1. (e.g., AICPA SOC 2 > ISO 27001)

*Crosswalks are created from authoritative sources. For a full list of available crosswalks, contact your account manager or submit a ticket through the C1Risk Training Portal (freshdesk.com).


3. Control Mapping

  1. Control requirements to policies.
  2. Control requirements to internal controls.
  3. Internal controls to policies.
  4. Internal controls to evidence checklist items.
  5. Test procedures to control requirements (internal audit).
  6. Test procedures to internal controls (internal audit).

 

4. Automated Evidence Collection

  1. Continuous control monitoring.
  2. Establish document collection frequency.
  3. Assign multiple evidence owners.

 

5. Review options

  1. Assign multiple reviewers.
  2. Structured review options
    1. At least one reviewer.
    2. Multiple reviewers with single authorization
    3. Multiple reviewers with all authorization in any order
    4. Ordered review (Jack then Jennie then Jane)

 

 

 

 

 

 

 

 


 

 
