GRC authority documents and GRC citations - Legacy

An authority document defines the external standards, frameworks, or regulations that a process must use. These are stored as references, from which policies can be defined. Create your own authority documents or download and import the UCF authority documents. Citation records contain the provisions of the authority document, which can be interrelated.

GRC authority documents

Authority documents are used to define policies, risks, controls, audits, and other processes ensuring adherence to the authoritative content. Each authority document is defined by a master record on the Authoritative Source [grc_authoritative_source] table, with a related list of records from the Authoritative Source Content [grc_authoritative_src_content] table.

GRC citations

Citation records contain the actual provisions of the authority document, which can be interrelated using configured relationships. In this way, the relationships between different sections of the authority documents can be mapped to better record how the authority document is meant to be implemented. The same relationship mechanism can be used to document relationships across authority documents. This is important because different sources address the same or similar controls and objectives.

You can create citations or import them from UCF authority documents and then create any necessary relationships between the citations. See UCF authority document import process - Legacy.