
Overview


The Compliance Dashboard provides a snapshot of an organization's compliance posture and how it has changed over time.

Several sections on the dashboard provide detailed metrics on program status and control health.

Accessing the Compliance Dashboard


To access the Compliance Dashboard, complete the following:

  1. Click Dashboard | Compliance Dashboard.



Program Status


The Program Status section displays all programs in your organization's instance. This alphabetical list shows a status for each program, depending on which of two phases of its timeline the program is in.

Those two phases are as follows:

  • Onboarding Phase - The program has no completed audit.
  • Audit Phase - The program has at least one completed audit.

Both phases display a Low, Moderate, or High status. The phases are only differentiated by the text shown on mouse hover and the metrics displayed on click.

Understanding Onboarding Phase Readiness

If a program is still in the onboarding phase, the message displayed on mouse hover provides percentages of objectives that have mapped controls. This program may have active audits, but if it has no completed audits, there are no metrics to display for control health.



Onboarding phase status definitions are as follows:

  • Low - No objectives are scoped, or less than 40 percent of scoped objectives have a mapped control.
  • Moderate - 40 percent or more, and less than 80 percent, of scoped objectives have a mapped control.
  • High - 80 percent or more of scoped objectives have a mapped control.

TIP

The control percentages are only calculated on objectives scoped to the program.

Understanding Audit Phase Readiness

If a program is in the audit phase, which means it has at least one completed audit, the message displayed on mouse hover provides the percentage of effective controls in the last completed audit.


Audit phase status definitions cover the last completed audit only and are as follows:

  • Low - More than 80 percent of control assessments are deemed ineffective, either by design or by operation.
  • Moderate - More than 30 percent and at most 80 percent of control assessments are deemed ineffective, either by design or by operation.
  • High - At most 30 percent of control assessments are deemed ineffective, either by design or by operation.

TIP

If an assessment is mapped to multiple objects, only its mapping to a control in the last completed audit is used in the calculation.
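The two readiness badges above are easy to get wrong at the boundaries (40 percent mapped is Moderate, not Low; 30 percent ineffective is High, not Moderate). The following is an added example, not the product's own code, that computes the badge for both phases exactly as the definitions above state. The data classes, the `design_effective`/`operation_effective` fields, and the sample programs are assumptions made for illustration; the thresholds are the ones on this page.

```python
"""Added example: Program Status badge computation (not the product's own code).
Thresholds follow the Onboarding/Audit phase definitions on the page; the data
model below is an assumption made for the example."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Objective:
    name: str
    # ids of controls mapped to this objective (assumption: plain id list)
    control_ids: List[str] = field(default_factory=list)


@dataclass
class Assessment:
    control_id: str
    audit_id: str
    design_effective: bool
    operation_effective: bool


def onboarding_status(scoped_objectives: List[Objective]) -> Tuple[str, float]:
    """Onboarding phase: share of *scoped* objectives with at least one mapped control.
    No scoped objectives is explicitly Low on the page."""
    if not scoped_objectives:
        return "Low", 0.0
    mapped = sum(1 for o in scoped_objectives if o.control_ids)
    pct = 100.0 * mapped / len(scoped_objectives)
    if pct < 40:
        status = "Low"
    elif pct < 80:          # 40 <= pct < 80
        status = "Moderate"
    else:                   # pct >= 80
        status = "High"
    return status, pct


def audit_status(assessments: List[Assessment],
                 last_completed_audit_id: str) -> Tuple[Optional[str], Optional[float]]:
    """Audit phase: share of control assessments in the last completed audit that are
    ineffective by design OR by operation. Assessments from other audits are ignored,
    which is what the TIP about multiply-mapped assessments amounts to."""
    in_audit = [a for a in assessments if a.audit_id == last_completed_audit_id]
    if not in_audit:
        # assumption: nothing assessed in that audit -> no metrics to show
        return None, None
    ineffective = sum(1 for a in in_audit
                      if not (a.design_effective and a.operation_effective))
    pct = 100.0 * ineffective / len(in_audit)
    if pct > 80:
        status = "Low"
    elif pct > 30:          # 30 < pct <= 80
        status = "Moderate"
    else:                   # pct <= 30
        status = "High"
    return status, pct


def program_status(scoped_objectives, assessments, last_completed_audit_id=None):
    """Pick the phase (no completed audit -> onboarding) and build the hover text."""
    if last_completed_audit_id is None:
        status, pct = onboarding_status(scoped_objectives)
        return "Onboarding", status, f"{pct:.0f}% of scoped objectives have mapped controls"
    status, pct = audit_status(assessments, last_completed_audit_id)
    if status is None:
        return "Audit", None, "no control assessments in the last completed audit"
    return "Audit", status, f"{100 - pct:.0f}% of controls effective in the last completed audit"


# Constructed sample data (not real program data).
SAMPLE_OBJECTIVES = [
    Objective("Access control policy", ["C-1"]),
    Objective("Logging", ["C-2", "C-3"]),
    Objective("Backups"),            # scoped but nothing mapped yet
    Objective("Vendor review"),
    Objective("Incident response"),
]                                    # 2 of 5 mapped -> 40% -> Moderate (boundary)

SAMPLE_ASSESSMENTS = [Assessment(f"C-{i}", "audit-2", True, True) for i in range(1, 8)] + [
    Assessment("C-8", "audit-2", False, True),   # ineffective by design
    Assessment("C-9", "audit-2", True, False),   # ineffective by operation
    Assessment("C-10", "audit-2", False, False),
    Assessment("C-11", "audit-1", False, False), # older audit: must not count
]                                    # 3 of 10 ineffective -> 30% -> High (boundary)

if __name__ == "__main__":
    print(program_status(SAMPLE_OBJECTIVES, SAMPLE_ASSESSMENTS))
    print(program_status(SAMPLE_OBJECTIVES, SAMPLE_ASSESSMENTS, "audit-2"))
```

Note that an assessment counts as ineffective if either the design or the operation judgement fails; only the effective/ineffective split in the selected audit feeds the percentage, so a control with no assessment in that audit does not move the badge either way.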

High Risk Entities


The High Risk Entities section reports the top three object types associated with high risk scores, which gives the compliance team a focus for risk mitigation.

Understanding High Risk Entities

To appear in the High Risk Entities section, an object must have at least one mapped high risk with a score of 20 or more.

In addition, a risk only displays if it is mapped to one of the following:

  • Contract
  • Control
  • Org Group
  • Data Asset
  • Process
  • Objective
  • Product
  • Program
  • Threat
  • Policy
  • Issue
  • Market

Issues


The Issues section of the Compliance Dashboard displays the top five outstanding issues. These should be your compliance team's focus for the next time period.

  • Up to five issues are shown, with their titles not truncated.
    • Only issues in the states Identified, Assigned, or Remediation in Progress are included.
    • Issues are sorted by age, oldest on top.
  • Issues are taken from the entire system, not from a single program.
  • All objects mapped to an issue are listed, one per line.
  • Age is calculated as the number of days since the issue was created.
  • Clicking an issue takes the user to the issue card, info panel, or page, whichever exists at the point of implementation.

Future Gap Analysis



Risk Heatmap


A scaled-down view of the risks the organization is facing, plotted by likelihood and impact. It shows risk severity and therefore how soon action has to be taken.

  • A scaled-down version of the risk heat map (/risk_heatmap) is displayed here.
  • Clicking the scaled-down heat map takes the user to the full Risk Heatmap page.
    • The cell that was clicked is selected on that page.


Individual Program Status


Metrics regarding the control effectiveness of the selected program.

Accessing Individual Program Metrics

On the Compliance Dashboard, complete the following:

  1. Click the 

Control Health Metrics

Metrics for control effectiveness for the selected program.

  • Count the controls mapped to the selected program through the PSSOC hierarchy and evaluate effectiveness based on the last assessment mapped to each control whose audit has been completed.
    • The last completed audit is chosen as follows:
      • First-level sort: "Audited period end" date.
      • Second-level sort (if the first is not available or is tied): the date on which the audit was completed.
    • Count of effective controls.
    • Count of ineffective controls.
    • Effectiveness ratio: effective controls / all controls.
      • Gauge colour:
        • 0-60%: red
        • 61%-80%: orange
        • 81% and above: green
    • Audit readiness badge for the program (the same badge as in the Program Status section above).
  • Clicking the effectiveness metrics or the round percentage takes the user to the SoR listing for controls.
      • Filter applied: map:program
      • Workaround for now: old SoR; go to the program page, Controls tab.

Section Status

All the sections for this program, with metrics on mapped objectives and control count, framed in a colour based on objective coverage.

  • Display all sections mapped up the hierarchy (to the standard and program).
  • Show the objective and control count.
    • Objective count: all objectives mapped to the section (counted up the hierarchy to the standard and program).
    • Control count: cumulative sum of all controls mapped to each objective (per section).
  • Display a coloured frame around each section:
    • Green: more than 80% of the objectives have at least one control mapped.
    • Orange: between 50% and 80% of the objectives have at least one control mapped.
    • Red: less than 50% of the objectives have at least one control mapped.
  • Hovering over the badge behaves the same as in the Program Status section above.
  • Clicking takes the user to the SoR objective list:
    • Filter applied: map:program
    • Filter applied: map:section
    • Visible column selected: map:control
    • Workaround for now: old SoR; go to the program page, Controls tab.

High Risk Entities

The top three highest-risk entities for the selected program.

  • Display the top three high risk entities mapped to objects that are themselves mapped to the selected program.

Top Five Issues

The top five outstanding issues for the selected program.

  • Up to five issues mapped to the selected program, with titles and descriptions not truncated.

Risk Matrix

This section displays the risks for the selected program by likelihood and impact, so that risk severity and how soon action has to be taken can be judged.

  • A scaled-down risk heat map (/risk_heatmap) is displayed here, showing only risks mapped to the selected program.
    • The heat map is filtered to that program when a single program is selected.
  • Clicking the scaled-down heat map takes the user to the full Risk Heatmap page.
    • The cell that was clicked is selected on that page.
    • If a program is selected, the same program filter is kept.

