Creating a Compliance Scope Record (IT Controls Assurance)
The Compliance Scope application allows users to capture a repeated scope of compliance that can be tested consistently. The IT Controls Assurance use case allows you to catalog all of your organization's compliance engagements and assess what controls are created, why, how, and by whom.
Before you can test and review your controls, you must identify the scope of testing that your compliance engagement requires. Identify the scoping method and catalog it in the Compliance Scope application. You should also document the applications, devices, facilities, and business processes that support your compliance programs.
Here are the tasks:
- Provide the general information.
- In the Scoping Method section, identify any elements that are related to your compliance scope. You can scope in elements by business processes, control procedures, or control sets. Based on your selection, the system collects all other related applications, devices, facilities, and controls, and relates them to the compliance scope. Optionally, you can also manually add or remove any applicable scoped-in elements.
Note: The data feeds in the different scoping method types are not required to use the IT Security Risk Management use case, but should be installed if your organization plans to use those scoping methods.
Download the source file of the diagram here: IT Controls Assurance Compliance Scope Diagram
