Consolidating Evidence, Document, and Policy management已回答
Trying to get documentation into KCM is scattered across multiple areas and can be confusing and frustrating to properly maintain:
- "Documents" can only be uploaded/linked to a Control, which then appear under the main "Documents" section
- "Evidence" will only appear within the Control if it was uploaded/linked to a Task associated with that Control
- Documents uploaded to a Control cannot be used as Evidence for that Control's Task
- "Policy Management" only allows uploading policies, and you are directed to the "Documents" section to edit them
- The "All" tab of Policy Management doesn't discern between what kind of document each one is, only the Name, Date, and possible Actions are shown
- Any policies uploaded cannot be used as either Documents or Evidence
- While both Documents and Evidence are visible in the "Documents" section, you can only edit existing items rather than upload items
- You must also upload/link the same file multiple times if it applies to multiple Controls, Requirements, and/or Tasks, rather than uploading it once and linking it to multiple Compliance items
Rather than going into each Control, uploading documents/links to Support Evidence, then repeating for each Control, I would much prefer to upload and/or link all of our existing documentation, evidence, and policies under the "Documents" section, then connect them to the appropriate item.
For PCI, a single policy can apply to multiple controls, so we wind up uploading the same policy multiple times as Evidence; our "Network Security Policy" appears 13 times under Documents > Evidence.
Uploading documents should be a "one and done", then allowing us to link that particular file to the necessary Compliance item.
Thanks for reaching out to the community discussion board for KCM GRC! I can certainly understand how a bulk upload button under the Evidence and Policy tabs in our Documents repository would help you and your team work more efficiently in KCM. Great idea! I’ve submitted a feature request for this functionality to the development team.
While feature requests aren't guaranteed changes, they are tracked for user interest and considered when our development team makes updates to KCM GRC.