Creating a Compliance Scope Record
The Compliance Scope application allows users to capture a repeated scope of compliance that can be tested consistently. The Controls Assurance Program Management use case allows you to catalog all of your organization's compliance engagements and assess what controls are created, why, how, and by whom.
Determine the Scope of Testing in the Compliance Scope Application
Before you can test and review your controls, you must identify the scope of testing that your compliance engagement requires. Identify the scoping method and catalog it in the Compliance Scope application. You should also document the applications, devices, facilities, and business processes that support your compliance programs.
Here are the tasks:
- Provide the general information.
- In the Scoping Method section, identify any elements that are related to your compliance scope. You can scope in elements by business processes, control procedures, or control sets. Based on your selection, the system collects all other related applications, devices, facilities, and controls, and relates them to the compliance scope. You can also manually add or remove any applicable scoped-in elements.
Note: The data feeds in the different scoping method types are not required to use the Controls Assurance Program Management use case, but should be installed if your organization plans to use those scoping methods.
Download the source file of the diagram here: Controls Assurance Program Management Compliance Scope Diagram