Using the Compliance Management Module
In the Compliance Management module of your KCM GRC platform, you can streamline and manage your compliance and audit-related tasks. You can access the Compliance Management module from the Compliance tab of your navigation panel.
See the sections below to learn how to create templates and scopes, create users, complete a scope self-assessment, and create controls in the Compliance Management module.
Step 1: Create Templates and Scopes
First, we recommend that you create a template and then convert that template to a scope. You can either create a custom template, or you can contact your Customer Success Manager to have a managed template added to your account. For more information, see our Managed Templates and How to Create Custom Templates for Scopes articles.
After you create a template, you can create a scope by converting the template to a scope. A scope holds a set of related requirements, controls, and evidence that is necessary for meeting compliance objectives. To learn how to convert a template to a scope, see our How to Convert a Template to a Scope article.
Step 2: Create Users to Work in Scopes and Controls
After you create a scope, we recommend that you add users to your platform so that these users can start contributing to the scope. We recommend that you create user accounts for users that will be responsible for managing the scope and users who will be responsible for completing control tasks under the scope.
To get started, you will need to determine which user roles are most applicable to your organization. The Scope Administrator and Contributor user roles are specific to working in the Compliance Management module.
For more information about the Scope Administrator and Contributor user roles, see the details below:
- Scope Administrators: You can give Scope Administrators access to specific scopes. For more information, see the Creating User Accounts of our How to Create and Manage KCM GRC User Accounts article. Then, the Scope Administrator can manage the scopes that they have access to. For example, a Scope Administrator could complete a scope self-assessment for a scope, create controls to satisfy a scope's requirements, and create tasks for the controls under the scope. Scope Administrators can also monitor adherence to compliance controls.
- Contributors: We suggest assigning the Contributor user role to employees that will be responsible for submitting task evidence for one or more controls. Additionally, users who have the Contributor role can be assigned to a task as the Approving Manager or the Second-level Approving Manager.
Once you have determined which user roles are most applicable to your organization, you can create user accounts and assign user roles to the user accounts. For more information, see the Creating User Accounts section of our How to Create and Manage KCM GRC User Accounts article.
Step 3: Complete the Scope Self-Assessment
After you create a scope and add users to your platform, we recommend that you complete a scope self-assessment for the scope. You can use scope-self-assessments to evaluate your organization's current level of compliance for your scopes.
During the assessment, you can select a status for each requirement in the scope to specify whether your organization is currently meeting the requirement.
For more information, see our How to Complete a Scope Self-Assessment article.
Step 4: Create Controls and Tasks
Finally, we recommend that you create controls for the requirements in your scope. You can either create controls individually or create controls in bulk by importing a CSV file. For more information, see our How to Create Controls for Scoped Requirements article.
After you create controls, you can create tasks for the controls. Then, you can assign the tasks to your users so that they can submit evidence for the tasks. To learn how to create tasks, see our How to Work with Tasks for Controls article.