Control Library Compliance Status Documentation

Modified on Tue, 9 Dec at 1:50 PM

This documentation explains how the compliance status of a Control Library is determined and details the events that trigger updates to the Modified Date and Modified By fields.

1. Understanding Control Library Compliance Status

The Control Library detail page features a Compliance Status section, which evaluates four specific criteria to determine the overall implementation status. For each criterion, a "Green Check" indicates compliance with the defined requirement.

Compliance Criteria and Requirements

Criteria	Requirement for "Green Check" / Compliance
Internal Control (IC)	At least one internal control must be linked to the Control Library requirement.
Policy	At least one policy must be linked to the Control Library requirement.
Evidence	Evidence must be linked to all linked internal controls. If 10 internal controls are linked, all 10 must have evidence linked for this criterion to pass.
Document Request (DR)	The Document Request must be submitted for approval or approved specifically for the audit period. The system evaluates the Document Request across all periods if an audit period is not explicitly specified.

* Note: Evidence/Document Request is linked through the internal control not directly to the control library.

Implementation Status Determination

The overall Implementation Status is derived from the results of the four criteria checks. The logic follows a hierarchical path as shown below .

Implementation Status	Criteria Required to Achieve Status
Fully Implemented / Implemented	All four criteria (Internal Control, Policy, Evidence, and Document Request) are met. This means: IC is linked AND Policy is linked AND Evidence is linked to all ICs AND DR is submitted/approved for the audit period.
Partially Implemented	The Control Library has a linked Internal Control, but one or more of the other criteria are not fully met (e.g., Policy is missing, not all Evidence is linked, or DR is not submitted/approved for the audit period).
Not Implemented	The Control Library does not have any Internal Control linked.

2. Changes to Modified Date and Modified By Fields

The Modified Date and Modified By fields are automatically updated whenever a significant change impacts the Control Library’s compliance status or related linkages.

Updates to these fields occur under the following four conditions:

Internal Control Linkage: When you link/unlink an internal control to the control library.
Policy Linkage: When you link/unlink a policy to the control library.
Manual Sync: When you perform a manual sync using the designated gadget/button. This is used to auto-sync the Evidence and Document Request status if they have been submitted. Clicking this button will update the timestamp and the Modified By user.

Scheduled Job: A scheduled job runs to check the compliance status every six hours. If this job detects a change in the status of any criteria, it will automatically update the Modified Date and Modified By fields.