
General Discussion: FAQ: Will the Compliance Planning Guide map every GRC authority document?

  • Tuesday, November 04, 2008 7:49 PM, Jeffrey M (MSFT, Owner)
     
    Summary

    (this post is subject to modification at any time)

    This FAQ explains the GRC authority document mapping strategy within the Compliance Planning Guide. Many will ask why a specific authority document was not included, or why more specific guidance was not provided for GRC requirements within mapped authority documents.

    Short Answer:

    The Compliance Planning Guide includes information pertaining to eight GRC authority documents that represent a broad range of GRC subject matter.  GRC authority documents were chosen for their general applicability to world-wide business, GRC subject matter coverage, and breadth of deployment. Future revisions of guidance may include additional mappings to other GRC authority documents, but there are no plans to map every authority document. Consult the forum for GRC authority document-specific postings. We expect to manage GRC authority document-specific guidance through this forum, as it allows others to share their experiences.
     
    Frequently Asked Questions:


    1. Will you be mapping to regulation X or standard Y within the published guidance?
    2. How often will you update mappings when the authority documents inevitably change?
    3. How were the eight example GRC authority documents chosen?
    4. Will more GRC authority documents be included in the guidance?
    5. I understand the idea of GRC authority document examples, but you missed a key component that isn't covered in your example authority documents.  How can I let you know so the next revision of guidance can be improved?

    Answers:

    1. Will you be mapping to regulation X or standard Y within the published guidance?

    Additional GRC authority documents will not be mapped within the published guidance.  The eight authority documents presently mapped are meant to provide examples of GRC requirements, and how these requirements may be managed through existing or new business process and technology deployments. 

    This forum will provide a communication and reference point for all IT professionals interested in the GRC experiences and expectations of others when dealing with GRC subject matter far beyond the provided guidance.  Postings may address any one of the 400+ existing GRC authority documents, experiences of IT professionals, and postings from auditors.  It is expected that this forum will become as valuable a resource as the published guidance (if not more so).

    If you have a GRC authority document-related question, post it in the forum.

    2. How often will you update mappings when the authority documents inevitably change?

    Each GRC authority document represented within the published guidance refers to the current version of each GRC authority document at the time of publication. If a new version of a represented GRC authority document is released in the future, an announcement will be published in this forum.

    3. How were the eight example GRC authority documents chosen?

    GRC authority documents were chosen for their applicability to world-wide business, representation of GRC focus, and breadth of deployment. Chances are high that the GRC requirements within these authority documents are shared with other authority documents applicable to your organization.  Consult your GRC subject matter expert to determine where these commonalities exist.

    4. Will more GRC authority documents be included in the guidance?

    Additional GRC authority documents may be included within the next version of guidance, depending upon customer needs. The guidance is not meant to map all GRC authority documents, but rather demonstrate an effective method by which an organization can manage any GRC authority documents applicable to the organization.

    5. I understand the idea of GRC authority document examples, but you missed a key component or requirement that isn't covered in your example authority documents.  How can I let you know so the next revision of guidance can be improved?

    Post in the forum! We really want to understand how technology can relieve the burden of compliance.  There is no better way than hearing from you. You may be a GRC expert, or new to this material.  Whatever your level, your experiences are immensely valuable to the community. You are definitely not alone, and a dedicated team at Microsoft wants to hear what you have to say.  Your comments can result in significant changes to one or more Microsoft products, and personal recognition in future guidance.


