Continuous monitoring involves activities related to identifying and creating key risk
and controls indicators. The Compliance Overview is available to compliance administrators and
compliance managers, providing an executive view into compliance requirements, overall compliance,
and compliance breakdowns.
Supporting information can be collected for indicators through automatic data collection or
manual tasks. Indicator results are then used to create issues for controls, update risk scores,
and provide supporting information for audit activities and control testing.
- Indicators collect data to monitor controls and risks, and collect audit evidence.
Indicators monitor a single control or risk.
- Indicator templates
- Indicator templates allow the creation of multiple indicators for similar controls or
Table 1. Compliance Overview reports in the base system
||Select a wedge to focus on a specific compliance area.
||Displays the overall compliance of all the control requirements in the system.
Selecting a specific wedge in the previous widget brings that area into focus.
||Drop down list
||Select one or more profiles to view and compare their compliance across multiple
||Select or clear check boxes to view filter reports by control state.
|Compliance by Authority Document
||Compare level of compliance depending on the selected profile and/or authority
||View a breakdown of control compliance by related authority documents and
|Non Compliant Profiles
||Count of non-compliant control requirements grouped by profile.
define policies, risks, controls, audits, and other processes to ensure adherence to
the authoritative content.
Each authority document is defined in a record and the related lists on that record contain
the individual conditions of the authority document.
The relationships of these authority document related list items are visible in the GRC
Workbench in the Policy and Compliance Management
Citations contain the provisions
of the authority document, which can be interrelated. Citations break down an
authority document into manageable themes.
You can create citations or import them from UCF authority documents and then create any
necessary relationships between the citations.