The purpose of this blog is to explain the steps and show how using our documents will help you achieve the required compliance.

If you are reading this, it is highly likely that YOU have been nominated by the organisation to play the role of either the compliance officer or the project manager – the person responsible for getting this implemented in the organisation.

The steps below explain the overall approach required to get this accomplished.

Step 1 – Upon procuring the applicable toolkit, read each Coral document and understand the contents. Upon reading these documents, you will see that each document belongs to a specific team or individual in your organisation.

Step 2 – Seek Nominations – One of our templates will help you to define your organisation structure and nominate individuals. Chances are that you already have the organisation chart with you. In each compliance journey, there will be representation from top management, customer-facing teams or customer delivery functions, and support functions, including IT support, legal, human resources, physical security, supplier management, etc.

Step 3 – Assess which role in the organisation is the right one to take ownership of each documented policy. You will have broadly three categories of roles.

  • All Users, which includes all employees – there are policies that need implementation by all. These are generally topics/issues that require awareness from all employees. We generally recommend that these documents are owned by the compliance manager (YOU) and communicated to all employees.
  • All heads of departments (HODs) – these are generally those policies where a head of department is typically responsible. One such example is approving and reviewing access. Even for these, we generally recommend that the documents are owned by the compliance manager (YOU) and communicated to all HODs.
  • Specific domains – these relate to specific control areas that include Top Management, Human Resources, Physical Security, IT Operations, Application Development, Supplier Management/Procurement, and of course the compliance manager, the role responsible for managing the whole framework.

Step 4 – Conduct an awareness session using one of our presentations with each of these heads of departments, one by one, and share their applicable documents. One of our templates helps you define a meeting plan based on the nominations you already have in place from step 2.

Step 5 – Track the policy approval and communication. Using one of our templates, you can now track the progress of the project, including which document was given to which role on which date.

Step 6 – Self Declaration – One of the templates we provide is a template for self-declaration. Self-declaration is a method by which each policy owner declares that they have understood and accepted the policy documents and will align their activities with them. This helps in achieving policy ownership on one hand and identifying any process risk on the other.

Step 7 – Risk Register – Encourage each team to report any loophole in people, process and technology. Using our risk-reporting template, document the risk, correlate it with the risk areas, and communicate the risk to the risk owner. Our template on risk assessment and risk management helps you achieve this.

Step 8 – Measurement – There are 20+ measurements across the organisation that relate to any compliance program. Each of our policy documents has a procedure section that provides the steps associated with the policy. Our methodology will help you define the objective, the method of calculating the measurement and the reporting method used to perform the measurement. Using one of our transaction analysis templates – which shows how to analyse each transaction – you will measure one transaction. These measurements will give you the confidence that the documented policies and procedures agreed with the teams are indeed in place and are working.

Step 9 – Internal Audit – Once the above is completed, you may perform one round of internal audit using the templates provided. The templates will help you to perform the audit and document the results.

Step 10 – Complete this process by a management review – again, for which a template is provided. Management reviews the performance of the whole compliance program.

Step 11 – Folder Structure – For someone in your position, we provide a folder structure which lets you see the whole project in 10 folders. These folders give you a framework to manage your content in a logical and sequential manner. Each compliance requirement has certain nuances that need to be understood, and these folders help you understand them and track the progress of the project.

Step 12 – Project Communication – Using one of our communication templates, you can send an email to all heads of departments explaining how you will execute the assignment, and keep everyone aware. This will help them to know their role and their contribution towards achieving certification/attestation. We give you a template where you can list all your compliance tasks in a sequential manner and update project stakeholders on the current status of the compliance program.

Once the above is complete, you are ready for the external certification/attestation you have chosen.

Each standard is a set of requirements. For each compliance standard, we give you a document that shows a matrix of how each requirement of the standard is mapped with one of the policy documents you have created and approved.

Once your certification is complete, we provide a template that helps you to define the monthly ongoing tasks that a compliance manager needs to either perform or track at the enterprise level. Note that with your certification/attestation in place, you have created the design needed to maintain the organisation's requirements going forward.

Finally, we are just a call or email away. If you are stuck, we are there to support you.

Author : Probal C