Compliance Lifecycle
Compliance cycle:
- Monitor
- Review
- Document
- Report

Monitor
- Monitor on an ongoing basis
- Determine whether controls effectively mitigate or reduce risk
Review
- Review to determine whether controls are still effective
- Old risks evolve and new risks arise
- Determine whether new controls are needed or old controls should be retired
Document
- Document the results of reviews
- Track changes to a control’s environment
- Enable evaluation of trends, prediction of future control changes, and forecasting of resources needed
Report
- Report results to keep leadership aware of the state of controls
- Enable leadership to make informed decisions
- Provide a means of requesting staff and resources