SP9: Ensure compliance: Difference between revisions

From YaSM Service Management Wiki
No edit summary
 
No edit summary
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
<itpmch><title>SP9: Ensure compliance | YaSM Service Management Wiki</title>
<itpmch><title>SP9: Ensure compliance | YaSM Service Management Wiki</title>
<meta name="keywords" content="compliance service provider, yasm compliance management, service management compliance process" />
<meta name="keywords" content="compliance service provider, yasm compliance management, service management compliance process" />
<meta name="description" content="YaSM process: Ensure compliance (SP9). - Definition, sub-processes, process outputs, process metrics and roles." />
<meta name="description" content="The compliance management process in YaSM is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements." />
<meta name="thumbnail" content="https://yasm.com/wiki/en/img/yasm-process/thumbnail/Ensure-compliance-yasm-sp9.jpg" />
<meta property="og:url" content="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" />
<meta property="og:title" content="SP9: Ensure compliance | YaSM Service Management Wiki" />
<meta property="og:description" content="The compliance management process in YaSM is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements." />
<meta property="og:site_name" content="YaSM Service Management">
<meta property="og:type" content="article" />
<meta property="og:image" content="https://yasm.com/wiki/en/img/yasm-process/16x9/Ensure-compliance-yasm-sp9.jpg" />
<meta property="og:image:width" content="1200" />
<meta property="og:image:height" content="675" />
<link href="https://plus.google.com/104150539756444616711/posts" rel="publisher" />
</itpmch>
</itpmch>
<html><div itemscope="itemscope" itemtype="https://schema.org/WebPage"><!-- define schema.org/WebPage --><p>
<html><div class="noresize"><a href="https://yasm.com/wiki/de/index.php/SP9:_Sicherstellen_von_Compliance"><img src="https://yasm.com/wiki/en/img/yasm-wiki/YaSM-Wiki-Deutsch.png" width="210" height="54" style="float:right;" alt="auf Deutsch" title="This page in German" /></a></div><br style="clear:both;"/>
<a href="https://yasm.com/wiki/de/index.php/SP9%3A%20Sicherstellen%20von%20Compliance"><img src="https://yasm.com/wiki/en/img/yasm-wiki/yasm-wiki-deutsch.png" width="48" height="30" style="float:right;" alt="auf Deutsch" title="diese Seite auf Deutsch" /></a><br style="clear:both;"/>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p><b>Process name:</b> <a href="#Process_description" title="SP9: Ensure compliance - Process description">Ensure compliance</a> - <b>Part of</b>: <a itemprop="isPartOf" href="https://yasm.com/wiki/en/index.php/YaSM%20Processes#supporting-service-management-processes" title="YaSM supporting service management processes">Supporting service management processes</a></p>
<p><b>Previous process:</b> <a href="https://yasm.com/wiki/en/index.php/SP8%3A%20Prepare%20for%20disaster%20events" title="SP8: Prepare for disaster events">Prepare for disaster events</a></p>
<p><b>Next process:</b> <a href="https://yasm.com/wiki/en/index.php/SP10%3A%20Manage%20human%20resources" title="SP10: Manage human resources">Manage human resources</a></html>


<p><b>Process name:</b> <a href="#Process_description">Ensure compliance</a> - <b>Part of:</b> <a href="/wiki/en/index.php/Service_Management_Processes#Supporting_processes" title="The supporting processes in YaSM service management">Supporting processes</a>
</p><p><b>Previous process:</b> <a href="/wiki/en/index.php/SP8:_Ensure_continuity" title="SP8: Ensure continuity">Ensure continuity</a>
</p><p><b>Next process:</b> <a href="/wiki/en/index.php/SP10:_Manage_human_resources" title="SP10: Manage human resources">Manage human resources</a></html>
<p>&nbsp;</p>
<p>&nbsp;</p>


==Process description==
==Process description==


<html><div itemscope itemtype="https://schema.org/ImageObject" style="width:647px;"><img itemprop="contentUrl" style="margin:20px 0px 10px 0px;" src="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" width="647" height="306" title="Fig. 1: Ensure compliance. - YaSM process SP9" alt="Ensure compliance. - YaSM compliance process SP9." /><div class="thumbcaption"><span style="font-variant:small-caps;"><b>Figure 1:</b></span> <small><span itemprop="caption">"Ensure compliance". - YaSM supporting service management process SP9.</span></small></div></div><br style="clear:both;"/>
<html>Many organizations are subject to various types of compliance requirements, such as laws, industry standards, etc.</p>


<p><span itemprop="description">Many organizations are subject to various types of compliance requirements, such as laws, industry standards, etc. The <span itemprop="alternativeHeadline">YaSM process for ensuring compliance</span> ("<strong class="selflink"><span itemprop="name Headline">SP9: Ensure compliance</span></strong>") is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements.</span></p>
<p><span id="md-itempage-description" itemprop="description">The <b><span style="color:#465674;">compliance management process</span></b> in YaSM (<a href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="YaSM compliance management (SP9)">fig. 1</a>) is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements.</span></p>


<p>All applicable compliance requirements are managed through the compliance register, where the properties of the requirements are described. The compliance register also lists any compliance controls or mechanisms which need to be in place to achieve compliance. In this respect, compliance controls and mechanisms may be technical solutions or suitable organizational procedures built into the service management processes, policies and guidelines.</p>
<p>All applicable compliance requirements are managed through the compliance register, where the properties of the requirements are described. The compliance register also lists any compliance controls or mechanisms which need to be in place to achieve compliance. In this respect, compliance controls and mechanisms may be technical solutions or suitable organizational procedures built into the service management processes, policies and guidelines.</p>
<p>&nbsp;</p>


<p>Typically, the compliance process will be called upon to assess the implications on compliance requirements when services or processes are to be established or modified.</p>
<div itemid="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" itemscope itemtype="https://schema.org/ImageObject">
<meta itemprop="width" content="1200" />
<meta itemprop="height" content="675" />
<meta itemprop="keywords" content="yasm compliance process" />
<meta itemprop="keywords" content="yasm compliance management" />
<meta itemprop="keywords" content="compliance management" />
<meta itemprop="representativeOfPage" content="true"/>
<meta itemprop="dateCreated" content="2014-05-02" />
<meta itemprop="datePublished" content="2014-05-08" />
<meta itemprop="dateModified" content="2024-05-20" />
<span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject">
  <meta itemprop="url" content="https://yasm.com/wiki/en/img/yasm-process/16x9/Ensure-compliance-yasm-sp9.jpg" />
  <meta itemprop="width" content="1200" />
  <meta itemprop="height" content="675" />
  <meta itemprop="dateCreated" content="2020-06-13" />
  <meta itemprop="datePublished" content="2020-06-15" />
  <meta itemprop="dateModified" content="2024-05-20" />
</span>
<span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject">
  <meta itemprop="url" content="https://yasm.com/wiki/en/img/yasm-process/800px/Ensure-compliance-yasm-sp9.jpg" />
  <meta itemprop="width" content="800" />
  <meta itemprop="height" content="450" />
  <meta itemprop="dateCreated" content="2024-05-23" />
  <meta itemprop="datePublished" content="2024-05-30" />
</span>
<span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject">
  <meta itemprop="url" content="https://yasm.com/wiki/en/img/yasm-process/480px/Ensure-compliance-yasm-sp9.jpg" />
  <meta itemprop="width" content="480" />
  <meta itemprop="height" content="270" />
  <meta itemprop="dateCreated" content="2024-05-23" />
  <meta itemprop="datePublished" content="2024-05-30" />
</span>
<span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject">
  <meta itemprop="url" content="https://yasm.com/wiki/en/img/yasm-process/thumbnail/Ensure-compliance-yasm-sp9.jpg" />
  <meta itemprop="width" content="1200" />
  <meta itemprop="height" content="1200" />
  <meta itemprop="dateCreated" content="2025-03-05" />
  <meta itemprop="datePublished" content="2025-03-09" />
</span>
<figure class="mw-halign-left" typeof="mw:File/Thumb"><a itemprop="contentUrl" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="Ensure compliance. - YaSM compliance management process SP9"><img srcset="https://yasm.com/wiki/en/img/yasm-process/480px/Ensure-compliance-yasm-sp9.jpg 480w, https://yasm.com/wiki/en/img/yasm-process/800px/Ensure-compliance-yasm-sp9.jpg 800w, https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg 1200w" sizes="100vw" src="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" fetchpriority="high" decoding="async" width="800" height="450" class="mw-file-element" alt="Fig. 1: Ensure compliance. - YaSM compliance management process SP9." /></a><figcaption><span style="font-variant:small-caps;"><b>Fig. 1: 'Ensure compliance'</b><br /><a href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="YaSM compliance management SP9">YaSM compliance management process ('SP9')</a>.</span></figcaption></figure></div></html>
<br style="clear:both;"/>


<p>If the compliance manager detects that compliance controls and mechanisms need to be upgraded, it will be the responsibility of the service or process owners to create those controls as part of the service or process implementation.</p>
Typically, the compliance process will be called upon to assess the implications on compliance requirements when services or processes are to be established or modified.


<p><i>Note: YaSM provides a basic process for ensuring compliance with laws, regulations, industry standards, etc., which highlights the most important compliance-related activities and describes the interfaces with the other YaSM processes.</i></html>
If the compliance manager detects that compliance controls and mechanisms need to be upgraded, it will be the responsibility of the service or process owners to create those controls as part of the service or process implementation.
<p>&nbsp;</p>


<p>&nbsp;</p>
<html><i><u>Compatibility</u>: YaSM provides a basic process for ensuring compliance with laws, regulations, industry standards, etc., which highlights the most important compliance-related activities and describes the interfaces with the other YaSM processes. This process <a href="/wiki/en/index.php/YaSM_and_ISO_20000#ISO_20000_requirements_and_related_service_management_processes" title="YaSM and ISO 20000">aligned with ISO 20000</a>, the international standard for service management (see ISO/IEC 20000-1:2018, <a href="/wiki/en/index.php/YaSM_and_ISO_20000#Improvement" title="ISO 20000 section 10: Improvement">section 10</a>).</i></html>


==Sub-processes==
==Sub-processes==


<html><div itemscope="itemscope" itemtype="https://schema.org/ItemList"><!-- define schema.org/ItemList -->
<html>The compliance management process in YaSM has the following sub-processes:</p>
<meta itemprop="itemListOrder" content="Ascending" />
<p><span itemprop="name" content="SP9: Ensure compliance. - Sub-processes:"><i>"Ensure compliance"</i> has the following sub-processes:</span>
</p>
<p>&#160;</p>
<p><b><span id="SP9.1" itemprop="itemListElement">SP9.1: Identify compliance requirements</span></b></p>
<ul><li itemprop="description">Process objective: To identify the compliance requirements which need to be fulfilled by the service provider.</li></ul>
<p><br /></p>
<p><b><span id="SP9.2" itemprop="itemListElement">SP9.2: Define compliance controls</span></b></p>
<ul><li itemprop="description">Process objective: To define the objectives and specify the details of the controls and mechanisms which need to be put in place to fulfill the compliance requirements.</li></ul>
<p><br /></p>
<p><b><span id="SP9.3" itemprop="itemListElement">SP9.3: Perform compliance reviews</span></b></p>
<ul><li itemprop="description">Process objective: To submit the compliance controls and mechanisms to regular reviews, and to identify areas where compliance must be improved.</li></ul>
</div><!-- end of schema.org/ItemList --><p></html>


<p>&nbsp;</p>
<!-- define schema.org/CreativeWork -->
<link id="md-type-subProcess" itemprop="additionalType" href="http://www.productontology.org/id/Procedure_(business)" />
<div itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.1" itemscope itemtype="https://schema.org/CreativeWork" itemref="md-type-subProcess">
<meta itemprop="alternateName" content="YaSM compliance management process SP9.1" />
<dl id="SP9.1"><dt itemprop="name">SP9.1: Identify compliance requirements</dt>
<dd itemprop="description">Process objective: To identify the compliance requirements which need to be fulfilled by the service provider.</dd></dl>
</div>
<div itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.2" itemscope itemtype="https://schema.org/CreativeWork" itemref="md-type-subProcess">
<meta itemprop="alternateName" content="YaSM compliance management process SP9.2" />
<dl id="SP9.2"><dt itemprop="name">SP9.2: Define compliance controls</dt>
<dd itemprop="description">Process objective: To define the objectives and specify the details of the controls and mechanisms which need to be put in place to fulfill the compliance requirements.</dd></dl>
</div>
<div itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.3" itemscope itemtype="https://schema.org/CreativeWork" itemref="md-type-subProcess">
<meta itemprop="alternateName" content="YaSM compliance management process SP9.3" />
<dl id="SP9.3"><dt itemprop="name">SP9.3: Perform compliance reviews</dt>
<dd itemprop="description">Process objective: To submit the compliance controls and mechanisms to regular reviews, and to identify areas where compliance must be improved.</dd></dl>
</div><!-- end of schema.org/CreativeWork --><p></html>


==Process outputs==
==Process outputs==


<html><div itemscope="itemscope" itemtype="https://schema.org/ItemList"><!-- define schema.org/ItemList -->
<html><!-- define schema.org/DefinedTermSet -->
<meta itemprop="itemListOrder" content="Ascending" />
<div itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#process-inputs-outputs" itemscope="itemscope" itemtype="https://schema.org/DefinedTermSet">
<p>This section lists the <span itemprop="name">documents and records produced by <i>"Ensure compliance"</i></span>. YaSM data objects <a href="#ydo" title="YaSM data object">[*]</a> are marked with an asterisk, while other objects are displayed in gray.</p>
<link itemprop="additionalType" href="http://www.productontology.org/id/Input/output" />
<p>&#160;</p>
<meta itemprop="name" content="YaSM process SP9: documents and records" />
<p><b><span itemprop="itemListElement">Change record</span></b> <a href="#ydo" title="YaSM data object">[*]</a></p>
<meta itemprop="alternateName" content="Compliance management process outputs" />
<ul><li itemprop="description">A change record contains all details of a change, documenting the lifecycle of a single change. In its initial state, a change record describes a request for change (RFC) which is to be assessed and authorized prior to implementing the change. Further information is added as the change progresses through its lifecycle.</li></ul>
<meta itemprop="alternateName" content="Compliance management data objects" />
<p><br /></p>
<p><span itemprop="description">This section lists the documents and records produced by the compliance process.</span> YaSM data objects <a href="#ydo" title="YaSM data object">[*]</a> are marked with an asterisk, while other objects are displayed in gray.</p>
<p><b><span id="Compliance-policy" itemprop="itemListElement">Compliance policy</span></b> <a href="#ydo" title="YaSM data object">[*]</a></p>
 
<ul><li itemprop="description">The compliance policy describes and communicates the organization's approach to ensuring compliance with legal requirements, industry standards, etc. To be effective, the policy needs the backing of top management and must be communicated to all relevant stakeholders.</li></ul>
<dl>
<p><br /></p>
<div itemprop="hasDefinedTerm" itemscope itemtype="https://schema.org/DefinedTerm">
<p><b><span id="Compliance-register" itemprop="itemListElement">Compliance register</span></b> <a href="#ydo" title="YaSM data object">[*]</a></p>
<dt itemprop="name">Change record</dt>
<ul><li itemprop="description">The compliance register is a tool used by the compliance manager to keep an overview of all compliance requirements applicable to the service provider. The compliance register also states the controls and mechanisms put in place to ensure the service provider organization fulfills the compliance requirements.</li></ul>
<dd itemprop="description" style="margin-bottom: 1em;">A change record contains all details of a change, documenting the lifecycle of a single change. In its initial state, a change record describes a request for change (RFC) which is to be assessed and authorized prior to implementing the change. Further information is added as the change progresses through its lifecycle. <a href="#ydo" title="YaSM data object">[*]</a></dd></div>
<p><br /></p>
<div itemprop="hasDefinedTerm" itemscope itemtype="https://schema.org/DefinedTerm">
<p><b><span id="Compliance-review-report" itemprop="itemListElement">Compliance review report</span></b> <a href="#ydo" title="YaSM data object">[*]</a></p>
<dt itemprop="name" id="Compliance-register">Compliance register</dt>
<ul><li itemprop="description">A compliance review report records the details and findings from a compliance review or audit. This report is an important input for improving the service provider’s compliance with legal requirements, industry standards, etc.</li></ul>
<dd itemprop="description" style="margin-bottom: 1em;">The compliance register is a tool used by the compliance manager to keep an overview of all compliance requirements applicable to the service provider. The compliance register also states the controls and mechanisms put in place to ensure the service provider organization fulfills the compliance requirements. <a href="#ydo" title="YaSM data object">[*]</a></dd></div>
<p><br /></p>
<div itemprop="hasDefinedTerm" itemscope itemtype="https://schema.org/DefinedTerm">
<p><b><span id="Request-to-assess-compliance-implications" itemprop="itemListElement" style="color:#636363">Request to assess compliance implications</span></b></p>
<dt itemprop="name" id="Compliance-review-report">Compliance review report</dt>
<ul><li itemprop="description" style="color:#636363">A request to assess which compliance requirements are relevant for a new or changed service, typically issued during service design.</li></ul>
<dd itemprop="description" style="margin-bottom: 1em;">A compliance review report records the details and findings from a compliance review or audit. This report is an important input for improving the service provider’s compliance with legal requirements, industry standards, etc. <a href="#ydo" title="YaSM data object">[*]</a></dd></div>
<p><br /></p>
<div style="color:#636363" itemprop="hasDefinedTerm" itemscope itemtype="https://schema.org/DefinedTerm">
<p><b><span itemprop="itemListElement" style="color:#636363">Suggested process modification</span></b></p>
<dt itemprop="name">Suggested process modification</dt>
<ul><li itemprop="description" style="color:#636363">A suggestion for modifying one or several service management processes. Suggestions for process modifications or improvements may originate from anywhere within the organization.</li></ul>
<dd itemprop="description" style="margin-bottom: 1em;">A suggestion for modifying one or several service management processes. Suggestions for process modifications or improvements may originate from anywhere within the organization.</dd></div>
<p><br /></p>
<div style="color:#636363" itemprop="hasDefinedTerm" itemscope itemtype="https://schema.org/DefinedTerm">
<p><b><span itemprop="itemListElement" style="color:#636363">Suggested service modification</span></b></p>
<dt itemprop="name">Suggested service modification</dt>
<ul><li itemprop="description" style="color:#636363">A suggestion for modifying a service, for example to improve service quality or economics. Suggestions may originate from anywhere within or outside of the service provider organization.</li></ul>
<dd itemprop="description" style="margin-bottom: 1em;">A suggestion for modifying a service, for example to improve service quality or economics. Suggestions may originate from anywhere within or outside of the service provider organization.</dd></div>
</div><!-- end of schema.org/ItemList --><p>
</dl>
</div><!-- end of schema.org/DefinedTermSet --><p>


<p>&nbsp;</p>
<p>&nbsp;</p>
<hr />
<hr />
<p><i><b>Notes:</b></i>
<p><i><u>Notes</u>:</i>
</p><p><span id="ydo"><strong>[*]</strong> <i>"YaSM data objects"</i> are those documents or records for which the YaSM model provides detailed recommendations: Every YaSM object has an associated checklist (see <a href="https://yasm.com/wiki/en/index.php/YaSM%20Checklists" title="Example: YaSM checklists and document templates">example</a>) describing its typical contents, and an associated lifecycle diagram depicting how the status of the object changes as it is created, updated, read and archived by various YaSM processes (see <a href="https://yasm.com/wiki/en/img/yasm-project/Yasm-object-lifecycle-diagram.jpg" title="Example: YaSM object lifecycle diagram (.JPG)">example</a>).</span>
</p><p><span id="ydo"><strong>[*]</strong> <i>"YaSM data objects"</i> are those documents or records for which the YaSM model provides detailed recommendations: Every YaSM object has an associated checklist (see <a href="https://yasm.com/wiki/en/index.php/Service_Management_Checklists" title="Example: YaSM service management checklists and document templates">example</a>) describing its typical contents, and an associated lifecycle diagram depicting how the status of the object changes as it is created, updated, read and archived by various YaSM processes (see <a href="https://yasm.com/wiki/en/img/yasm-project/Yasm-object-lifecycle-diagram.jpg" title="Example: YaSM object lifecycle diagram (.JPG)">example</a>).</span>
</p><p><i>"Other objects"</i> are mostly informal data or information where YaSM has less strong views about their contents. There are no associated lifecycle diagrams or checklists.</html>
</p><p><i>"Other objects"</i> are mostly informal data or information where YaSM has less strong views about their contents. There are no associated lifecycle diagrams or checklists.</html>
<p>&nbsp;</p>


==Process metrics==
==Process metrics==


<html><p>Process metrics are used, for example, to assess if the service management processes are running according to expectations.</p>
Process metrics are used, for example, to assess if the service management processes are running according to expectations.
<p>For suggestions of <a itemprop="significantLinks" href="https://yasm.com/wiki/en/index.php/YaSM%20Metrics" title="How to measure the performance of the YaSM processes - Process metrics">suitable metrics</a>, please refer to the <a itemprop="significantLinks" href="https://yasm.com/wiki/en/index.php/YaSM%20Metrics/%20Supporting%20Service%20Management%20Processes#metrics-sp9" title="Metrics for the YaSM process SP9: Ensure compliance.">list of metrics for the YaSM compliance process</a>.</html>


<p>&nbsp;</p>
For suggestions of [[Service Management Metrics|suitable metrics]], please refer to the [[Service_Management_Metrics#Metrics_for_the_compliance_process|list of metrics for the YaSM compliance process]].


==Roles and responsibilities==
==Roles and responsibilities==


'''<span id="responsible">Process owner: Compliance manager</span>'''
<span id="responsible">Process owner: The <i>compliance manager</i>'s responsibility is to ensure that standards and guidelines are followed. In particular, this role ensures compliance with internal policies and external legal requirements.</span>
*The compliance manager's responsibility is to ensure that standards and guidelines are followed. In particular, this role ensures compliance with internal policies and external legal requirements.
 
<p>&nbsp;</p>
<p>&nbsp;</p>


{| class="wikitable sortable" style="background: white; text-align:center; vertical-align:top; font-size: 90%; line-height: 1.3em;"
{| class="wikitable" style="background: white; font-size: 95%"
|+<span style="font-size: 120%; line-height: 2.3em;">Responsibility matrix: "SP9: Ensure compliance"</span>
|+style="background:#465674; color:#ffffff; font-size: 110%"|Responsibility matrix: 'SP9: Ensure compliance'
|- style="vertical-align:top"
|- style="vertical-align:top"
! colspan="2"| YaSM role / sub-process
! colspan="2"| YaSM role / sub-process
Line 118: Line 168:
<p>&nbsp;</p>
<p>&nbsp;</p>


==[ Infobox ]==
== Notes ==
 
<html><div itemid="https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg" itemscope itemtype="https://schema.org/ImageObject">
<meta itemprop="caption" content="Process objective: YaSM compliance management - Ensure compliance (SP9)." />
<meta itemprop="width" content="1200" />
<meta itemprop="height" content="627" />
<meta itemprop="dateCreated" content="2021-09-21" />
<meta itemprop="datePublished" content="2021-09-22" />
<span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject">
  <meta itemprop="url" content="https://yasm.com/wiki/en/img/yasm-process/goal-definition/400px/yasm-compliance-management-process.jpg" />
  <meta itemprop="width" content="400" />
  <meta itemprop="height" content="209" />
  <meta itemprop="dateCreated" content="2023-12-12" />
  <meta itemprop="datePublished" content="2023-12-29" />
</span>
<meta itemprop="keywords" content="Compliance management process objective" />
<figure class="mw-halign-left" typeof="mw:File/Thumb"><a itemprop="contentUrl" href="https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg" title="Compliance management: process objective"><img srcset="https://yasm.com/wiki/en/img/yasm-process/goal-definition/400px/yasm-compliance-management-process.jpg 400w, https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg 1200w" sizes="100vw" src="https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg" decoding="async" width="400" height="209" class="mw-file-element" alt="The compliance management process in YaSM ensures that services, processes and systems comply with relevant legal requirements, standards, enterprise policies etc." /></a><figcaption><span style="font-variant:small-caps;">Compliance management process: Objectives</span></figcaption></figure></div>
 
<p>Is based on: The compliance prozess from the <a href="https://yasm.com/en/products/yasm-process-map" title="YaSM Process Map">YaSM Process Map</a>.</p>
<p>By:&#160;&#160;Stefan Kempter&#160;<a href="https://www.linkedin.com/in/stefankempter"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/linkedin.jpg" width="16" height="16" title="By: Stefan Kempter | Profile on LinkedIn" alt="Author: Stefan Kempter, IT Process Maps GbR" /></a>&#160;&#160;and&#160;&#160;Andrea Kempter&#160;<a href="https://www.linkedin.com/in/andreakempter"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/linkedin.jpg" width="16" height="16" title="By: Andrea Kempter | Profile on LinkedIn" alt="Contributor: Andrea Kempter, IT Process Maps GbR" /></a>, IT Process Maps.<br style="clear:both;"/><p>


<html><table class="wikitable">
<p>&nbsp;</p>
<tr>
<td>Link to this page:</td>
<td><a itemprop="url" href="https://yasm.com/wiki/en/index.php/SP9%3A%20Ensure%20compliance">https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance</a></td>
</tr>
<tr>
<td>Languages:</td>
<td><span itemprop="inLanguage" content="en">English</span> | <span><a itemprop="citation" class="external TEXT" href="https://yasm.com/wiki/de/index.php/SP9%3A%20Sicherstellen%20von%20Compliance" title="SP9: Sicherstellen von Compliance">Deutsch</a></span></td>
</tr>
<tr>
<td>Image:</td>
<td style="vertical-align:top"><a itemprop="primaryImageOfPage" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="Ensure compliance. - YaSM process SP9.">YaSM SP9: Ensure compliance (.JPG)</a></td>
</tr>
<tr>
<td>Author | Contributor:</td>
<td><span itemprop="author">Stefan Kempter</span>&nbsp;<a rel="author" href="https://plus.google.com/111925560448291102517"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/google.jpg" width="16" height="16" title="By: Stefan Kempter | Profile on Google+" alt="Author: Stefan Kempter, IT Process Maps GbR" /></a> &nbsp; and <span itemprop="contributor">Andrea Kempter</span>&nbsp;<a href="https://plus.google.com/113316270668629760475"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/google.jpg" width="16" height="16" title="By: Andrea Kempter | Profile on Google+" alt="Contributor: Andrea Kempter, IT Process Maps GbR" /></a> &nbsp; - &nbsp; <span itemprop="creator copyrightHolder publisher">IT Process Maps</span>.</td>
</tr>
</table>


<p><small>
<p><small>
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<span itemprop="breadcrumb" itemscope itemtype="https://schema.org/BreadcrumbList">
<a href="https://yasm.com/wiki/en/index.php/SP9%3A%20Ensure%20compliance#Process_description" itemprop="url"><span itemprop="title">Process description</span></a>
<span itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem">
</span>
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_description">
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<span itemprop="name">Process description</span></a>
<a href="https://yasm.com/wiki/en/index.php/SP9%3A%20Ensure%20compliance#Sub-processes" itemprop="url"><span itemprop="title">Sub-processes</span></a>
<meta itemprop="position" content="1" /></span>
</span>
<span itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem">
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Sub-processes">
<a href="https://yasm.com/wiki/en/index.php/SP9%3A%20Ensure%20compliance#Process_outputs" itemprop="url"><span itemprop="title">Process outputs</span></a>
<span itemprop="name">Sub-processes</span></a>
</span>
<meta itemprop="position" content="2" /></span>
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<span itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem">
<a href="https://yasm.com/wiki/en/index.php/SP9%3A%20Ensure%20compliance#Process_metrics" itemprop="url"><span itemprop="title">Metrics</span></a>
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_outputs">
</span>
<span itemprop="name">Process outputs</span></a>
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<meta itemprop="position" content="3" /></span>
<a href="https://yasm.com/wiki/en/index.php/SP9%3A%20Ensure%20compliance#Roles_and_responsibilities" itemprop="url"><span itemprop="title">Roles</span></a>
<span itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem">
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_metrics">
<span itemprop="name">Metrics</span></a>
<meta itemprop="position" content="4" /></span>
<span itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem">
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Roles_and_responsibilities">
<span itemprop="name">Roles</span></a>
<meta itemprop="position" content="5" /></span>
</span>
</span>
</small></p>
</small></p>
</div><!-- end of schema.org/WebPage --><p></html>
 
<!-- define schema.org/ItemPage -->
<div itemscope itemtype="https://schema.org/ItemPage">
<meta itemprop="name Headline" content="SP9: Ensure compliance" />
<meta itemprop="alternativeHeadline" content="YaSM compliance management process" />
<link itemprop="primaryImageOfPage" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" />
<meta itemprop="significantLinks" content="https://yasm.com/wiki/en/index.php/YaSM_Metrics" />
<meta itemprop="significantLinks" content="https://yasm.com/wiki/en/index.php/YaSM_Metrics/_Supporting_Service_Management_Processes#metrics-sp9" />
</div>
 
<!-- define schema.org/CreativeWork -->
<div itemscope itemtype="https://schema.org/CreativeWork">
<link id="md-type-process" itemprop="additionalType" href="http://www.productontology.org/id/Business_process" />
<meta itemscope itemprop="mainEntityOfPage" itemType="https://schema.org/ItemPage"
itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" itemref="md-itempage-description">
<meta itemprop="name" content="SP9: Ensure compliance" />
<meta itemprop="alternateName" content="YaSM compliance management process" />
<meta itemprop="alternateName" content="Compliance management process" />
<link itemprop="url" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" />
<link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.1">
<link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.2">
<link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.3">
<link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#process-inputs-outputs">
<link itemprop="image" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" />
<link itemprop="image" href="https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg" />
<link itemprop="isPartOf" href="https://yasm.com/wiki/en/index.php/Service_Management_Processes#supporting-processes" />
<meta itemprop="isBasedOnUrl" content="https://yasm.com/en/products/yasm-process-map" />
<meta itemprop="inLanguage" content="en" />
<link itemprop="citation" href="https://yasm.com/wiki/de/index.php/SP9:_Sicherstellen_von_Compliance" />
<link itemprop="publisher" href="https://yasm.com/en/#YaSMBrand" />
<link itemprop="copyrightHolder creator" href="https://yasm.com/en/contact#ITProcessMapsOrg" />
<link itemprop="author" href="https://yasm.com/en/misc/team#StefanKempter" />
<link itemprop="contributor" href="https://yasm.com/en/misc/team#AndreaKempter" />
</div><p></html>


<!-- This page is assigned to the following categories: -->
<!-- This page is assigned to the following categories: -->
[[Category:YaSM process]]
[[Category:YaSM process]]
<!-- --- -->
<!-- --- -->

Latest revision as of 13:25, 9 March 2025

auf Deutsch


 

Process name: Ensure compliance - Part of: Supporting processes

Previous process: Ensure continuity

Next process: Manage human resources

 

Process description

Many organizations are subject to various types of compliance requirements, such as laws, industry standards, etc.

The compliance management process in YaSM (fig. 1) is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements.

All applicable compliance requirements are managed through the compliance register, where the properties of the requirements are described. The compliance register also lists any compliance controls or mechanisms which need to be in place to achieve compliance. In this respect, compliance controls and mechanisms may be technical solutions or suitable organizational procedures built into the service management processes, policies and guidelines.

 

Fig. 1: Ensure compliance. - YaSM compliance management process SP9.
Fig. 1: 'Ensure compliance'
YaSM compliance management process ('SP9').


Typically, the compliance process will be called upon to assess the implications on compliance requirements when services or processes are to be established or modified.

If the compliance manager detects that compliance controls and mechanisms need to be upgraded, it will be the responsibility of the service or process owners to create those controls as part of the service or process implementation.

 

Compatibility: YaSM provides a basic process for ensuring compliance with laws, regulations, industry standards, etc., which highlights the most important compliance-related activities and describes the interfaces with the other YaSM processes. This process aligned with ISO 20000, the international standard for service management (see ISO/IEC 20000-1:2018, section 10).

Sub-processes

The compliance management process in YaSM has the following sub-processes:

SP9.1: Identify compliance requirements
Process objective: To identify the compliance requirements which need to be fulfilled by the service provider.
SP9.2: Define compliance controls
Process objective: To define the objectives and specify the details of the controls and mechanisms which need to be put in place to fulfill the compliance requirements.
SP9.3: Perform compliance reviews
Process objective: To submit the compliance controls and mechanisms to regular reviews, and to identify areas where compliance must be improved.

Process outputs

This section lists the documents and records produced by the compliance process. YaSM data objects [*] are marked with an asterisk, while other objects are displayed in gray.

Change record
A change record contains all details of a change, documenting the lifecycle of a single change. In its initial state, a change record describes a request for change (RFC) which is to be assessed and authorized prior to implementing the change. Further information is added as the change progresses through its lifecycle. [*]
Compliance register
The compliance register is a tool used by the compliance manager to keep an overview of all compliance requirements applicable to the service provider. The compliance register also states the controls and mechanisms put in place to ensure the service provider organization fulfills the compliance requirements. [*]
Compliance review report
A compliance review report records the details and findings from a compliance review or audit. This report is an important input for improving the service provider’s compliance with legal requirements, industry standards, etc. [*]
Suggested process modification
A suggestion for modifying one or several service management processes. Suggestions for process modifications or improvements may originate from anywhere within the organization.
Suggested service modification
A suggestion for modifying a service, for example to improve service quality or economics. Suggestions may originate from anywhere within or outside of the service provider organization.

 

Notes:

[*] "YaSM data objects" are those documents or records for which the YaSM model provides detailed recommendations: Every YaSM object has an associated checklist (see example) describing its typical contents, and an associated lifecycle diagram depicting how the status of the object changes as it is created, updated, read and archived by various YaSM processes (see example).

"Other objects" are mostly informal data or information where YaSM has less strong views about their contents. There are no associated lifecycle diagrams or checklists.

Process metrics

Process metrics are used, for example, to assess if the service management processes are running according to expectations.

For suggestions of suitable metrics, please refer to the list of metrics for the YaSM compliance process.

Roles and responsibilities

Process owner: The compliance manager's responsibility is to ensure that standards and guidelines are followed. In particular, this role ensures compliance with internal policies and external legal requirements.

 

Responsibility matrix: 'SP9: Ensure compliance'
YaSM role / sub-process Compliance manager
SP9.1 Identify compliance requirements AR
SP9.2 Define compliance controls AR
SP9.3 Perform compliance reviews AR

 

Notes

The compliance management process in YaSM ensures that services, processes and systems comply with relevant legal requirements, standards, enterprise policies etc.
Compliance management process: Objectives

Is based on: The compliance prozess from the YaSM Process Map.

By:  Stefan Kempter Author: Stefan Kempter, IT Process Maps GbR  and  Andrea Kempter Contributor: Andrea Kempter, IT Process Maps GbR, IT Process Maps.

 

Process description  › Sub-processes  › Process outputs  › Metrics  › Roles

Retrieved from "https://yasm.com/wiki/en/index.php?title=SP9:_Ensure_compliance&oldid=1485"