An authority document defines the external standards, frameworks, or regulations that a
process must use. These are stored as references, from which policies can be defined. Create your
own authority documents or download and import the UCF authority documents. Citation records
contain the provisions of the authority document, which can be interrelated.
GRC authority documents
Authority documents are used to define policies, risks, controls, audits, and other processes
ensuring adherence to the authoritative content. Each authority document is defined by a master
record on the Authoritative Source [grc_authoritative_source] table, with a related list of
records from the Authoritative Source Content [grc_authoritative_src_content] table.
Citation records contain the actual provisions of the authority document, which can be
interrelated using configured relationships. In this way, the relationships between different
sections of the authority documents can be mapped to better record how the authority document is
meant to be implemented. The same relationship mechanism can be used to document relationships
across authority documents. This is important because different sources address the same or
similar controls and objectives.
You can create citations or import them from UCF authority documents and then create any
necessary relationships between the citations. See UCF authority document import process - Legacy.