SP9: Ensure compliance: Difference between revisions
From YaSM Service Management Wiki
No edit summary |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 24: | Line 24: | ||
<html>Many organizations are subject to various types of compliance requirements, such as laws, industry standards, etc.</p> | <html>Many organizations are subject to various types of compliance requirements, such as laws, industry standards, etc.</p> | ||
<p><span id="md-itempage-description" itemprop="description">The compliance management process in YaSM (<a href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="YaSM compliance management (SP9)">fig. 1</a>) is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements.</span></p> | <p><span id="md-itempage-description" itemprop="description">The <b><span style="color:#465674;">compliance management process</span></b> in YaSM (<a href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="YaSM compliance management (SP9)">fig. 1</a>) is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements.</span></p> | ||
<p>All applicable compliance requirements are managed through the compliance register, where the properties of the requirements are described. The compliance register also lists any compliance controls or mechanisms which need to be in place to achieve compliance. In this respect, compliance controls and mechanisms may be technical solutions or suitable organizational procedures built into the service management processes, policies and guidelines.</p> | <p>All applicable compliance requirements are managed through the compliance register, where the properties of the requirements are described. The compliance register also lists any compliance controls or mechanisms which need to be in place to achieve compliance. In this respect, compliance controls and mechanisms may be technical solutions or suitable organizational procedures built into the service management processes, policies and guidelines.</p> | ||
<p> </p> | |||
<div itemid="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" itemscope itemtype="https://schema.org/ImageObject"> | <div itemid="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" itemscope itemtype="https://schema.org/ImageObject"> | ||
<meta itemprop="width" content="1200" /> | <meta itemprop="width" content="1200" /> | ||
<meta itemprop="height" content="675" /> | <meta itemprop="height" content="675" /> | ||
| Line 39: | Line 38: | ||
<meta itemprop="dateCreated" content="2014-05-02" /> | <meta itemprop="dateCreated" content="2014-05-02" /> | ||
<meta itemprop="datePublished" content="2014-05-08" /> | <meta itemprop="datePublished" content="2014-05-08" /> | ||
<meta itemprop="dateModified" content=" | <meta itemprop="dateModified" content="2024-05-20" /> | ||
<span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject"> | <span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject"> | ||
<meta itemprop="url" content="https://yasm.com/wiki/en/img/yasm-process/16x9/Ensure-compliance-yasm-sp9.jpg" /> | <meta itemprop="url" content="https://yasm.com/wiki/en/img/yasm-process/16x9/Ensure-compliance-yasm-sp9.jpg" /> | ||
| Line 46: | Line 45: | ||
<meta itemprop="dateCreated" content="2020-06-13" /> | <meta itemprop="dateCreated" content="2020-06-13" /> | ||
<meta itemprop="datePublished" content="2020-06-15" /> | <meta itemprop="datePublished" content="2020-06-15" /> | ||
<meta itemprop="dateModified" content="2024-05-20" /> | |||
</span> | |||
<span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject"> | |||
<meta itemprop="url" content="https://yasm.com/wiki/en/img/yasm-process/800px/Ensure-compliance-yasm-sp9.jpg" /> | |||
<meta itemprop="width" content="800" /> | |||
<meta itemprop="height" content="450" /> | |||
<meta itemprop="dateCreated" content="2024-05-23" /> | |||
<meta itemprop="datePublished" content="2024-05-30" /> | |||
</span> | |||
<span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject"> | |||
<meta itemprop="url" content="https://yasm.com/wiki/en/img/yasm-process/480px/Ensure-compliance-yasm-sp9.jpg" /> | |||
<meta itemprop="width" content="480" /> | |||
<meta itemprop="height" content="270" /> | |||
<meta itemprop="dateCreated" content="2024-05-23" /> | |||
<meta itemprop="datePublished" content="2024-05-30" /> | |||
</span> | </span> | ||
<img | <figure class="mw-halign-left" typeof="mw:File/Thumb"><a itemprop="contentUrl" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="Ensure compliance. - YaSM compliance management process SP9"><img srcset="https://yasm.com/wiki/en/img/yasm-process/480px/Ensure-compliance-yasm-sp9.jpg 480w, https://yasm.com/wiki/en/img/yasm-process/800px/Ensure-compliance-yasm-sp9.jpg 800w, https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg 1200w" sizes="100vw" src="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" fetchpriority="high" decoding="async" width="800" height="450" class="mw-file-element" alt="Fig. 1: Ensure compliance. - YaSM compliance management process SP9." /></a><figcaption><span style="font-variant:small-caps;"><b>Fig. 1: 'Ensure compliance'</b><br /><a href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="YaSM compliance management SP9">YaSM compliance management process ('SP9')</a>.</span></figcaption></figure></div></html> | ||
<br style="clear:both;"/> | |||
Typically, the compliance process will be called upon to assess the implications on compliance requirements when services or processes are to be established or modified. | |||
If the compliance manager detects that compliance controls and mechanisms need to be upgraded, it will be the responsibility of the service or process owners to create those controls as part of the service or process implementation. | |||
<p> </p> | |||
< | <html><i><u>Compatibility</u>: YaSM provides a basic process for ensuring compliance with laws, regulations, industry standards, etc., which highlights the most important compliance-related activities and describes the interfaces with the other YaSM processes. This process <a href="/wiki/en/index.php/YaSM_and_ISO_20000#ISO_20000_requirements_and_related_service_management_processes" title="YaSM and ISO 20000">aligned with ISO 20000</a>, the international standard for service management (see ISO/IEC 20000-1:2018, <a href="/wiki/en/index.php/YaSM_and_ISO_20000#Improvement" title="ISO 20000 section 10: Improvement">section 10</a>).</i></html> | ||
==Sub-processes== | ==Sub-processes== | ||
| Line 121: | Line 136: | ||
==Roles and responsibilities== | ==Roles and responsibilities== | ||
<span id="responsible">Process owner: The < | <span id="responsible">Process owner: The <i>compliance manager</i>'s responsibility is to ensure that standards and guidelines are followed. In particular, this role ensures compliance with internal policies and external legal requirements.</span> | ||
<p> </p> | <p> </p> | ||
| Line 148: | Line 163: | ||
<html><div itemid="https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg" itemscope itemtype="https://schema.org/ImageObject"> | <html><div itemid="https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg" itemscope itemtype="https://schema.org/ImageObject"> | ||
<meta itemprop="caption" content="Process objective: YaSM compliance management - Ensure compliance (SP9)." /> | <meta itemprop="caption" content="Process objective: YaSM compliance management - Ensure compliance (SP9)." /> | ||
<meta itemprop="width" content="1200" /> | <meta itemprop="width" content="1200" /> | ||
| Line 159: | Line 172: | ||
<meta itemprop="width" content="400" /> | <meta itemprop="width" content="400" /> | ||
<meta itemprop="height" content="209" /> | <meta itemprop="height" content="209" /> | ||
</span></a></ | <meta itemprop="dateCreated" content="2023-12-12" /> | ||
< | <meta itemprop="datePublished" content="2023-12-29" /> | ||
</span> | |||
<meta itemprop="keywords" content="Compliance management process objective" /> | |||
<figure class="mw-halign-left" typeof="mw:File/Thumb"><a itemprop="contentUrl" href="https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg" title="Compliance management: process objective"><img srcset="https://yasm.com/wiki/en/img/yasm-process/goal-definition/400px/yasm-compliance-management-process.jpg 400w, https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg 1200w" sizes="100vw" src="https://yasm.com/wiki/en/img/yasm-process/goal-definition/yasm-compliance-management-process.jpg" decoding="async" width="400" height="209" class="mw-file-element" alt="The compliance management process in YaSM ensures that services, processes and systems comply with relevant legal requirements, standards, enterprise policies etc." /></a><figcaption><span style="font-variant:small-caps;">Compliance management process: Objectives</span></figcaption></figure></div> | |||
<p>Is based on: The compliance prozess from the <a href="https://yasm.com/en/products/yasm-process-map" title="YaSM Process Map">YaSM Process Map</a>.</p> | |||
<p>By:  Stefan Kempter <a href="https://www.linkedin.com/in/stefankempter"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/linkedin.jpg" width="16" height="16" title="By: Stefan Kempter | Profile on LinkedIn" alt="Author: Stefan Kempter, IT Process Maps GbR" /></a>  and  Andrea Kempter <a href="https://www.linkedin.com/in/andreakempter"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/linkedin.jpg" width="16" height="16" title="By: Andrea Kempter | Profile on LinkedIn" alt="Contributor: Andrea Kempter, IT Process Maps GbR" /></a>, IT Process Maps.<br style="clear:both;"/><p> | <p>By:  Stefan Kempter <a href="https://www.linkedin.com/in/stefankempter"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/linkedin.jpg" width="16" height="16" title="By: Stefan Kempter | Profile on LinkedIn" alt="Author: Stefan Kempter, IT Process Maps GbR" /></a>  and  Andrea Kempter <a href="https://www.linkedin.com/in/andreakempter"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/linkedin.jpg" width="16" height="16" title="By: Andrea Kempter | Profile on LinkedIn" alt="Contributor: Andrea Kempter, IT Process Maps GbR" /></a>, IT Process Maps.<br style="clear:both;"/><p> | ||
| Line 206: | Line 224: | ||
<meta itemprop="name" content="SP9: Ensure compliance" /> | <meta itemprop="name" content="SP9: Ensure compliance" /> | ||
<meta itemprop="alternateName" content="YaSM compliance management process" /> | <meta itemprop="alternateName" content="YaSM compliance management process" /> | ||
<meta itemprop="alternateName" content="Compliance management process" /> | |||
<link itemprop="url" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" /> | <link itemprop="url" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" /> | ||
<link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.1"> | <link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.1"> | ||
Latest revision as of 11:55, 13 October 2024
Process name: Ensure compliance - Part of: Supporting processes
Previous process: Ensure continuity
Next process: Manage human resources
Process description
Many organizations are subject to various types of compliance requirements, such as laws, industry standards, etc.
The compliance management process in YaSM (fig. 1) is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements.
All applicable compliance requirements are managed through the compliance register, where the properties of the requirements are described. The compliance register also lists any compliance controls or mechanisms which need to be in place to achieve compliance. In this respect, compliance controls and mechanisms may be technical solutions or suitable organizational procedures built into the service management processes, policies and guidelines.
Typically, the compliance process will be called upon to assess the implications on compliance requirements when services or processes are to be established or modified.
If the compliance manager detects that compliance controls and mechanisms need to be upgraded, it will be the responsibility of the service or process owners to create those controls as part of the service or process implementation.
Compatibility: YaSM provides a basic process for ensuring compliance with laws, regulations, industry standards, etc., which highlights the most important compliance-related activities and describes the interfaces with the other YaSM processes. This process aligned with ISO 20000, the international standard for service management (see ISO/IEC 20000-1:2018, section 10).
Sub-processes
The compliance management process in YaSM has the following sub-processes:
- SP9.1: Identify compliance requirements
- Process objective: To identify the compliance requirements which need to be fulfilled by the service provider.
- SP9.2: Define compliance controls
- Process objective: To define the objectives and specify the details of the controls and mechanisms which need to be put in place to fulfill the compliance requirements.
- SP9.3: Perform compliance reviews
- Process objective: To submit the compliance controls and mechanisms to regular reviews, and to identify areas where compliance must be improved.
Process outputs
This section lists the documents and records produced by the compliance process. YaSM data objects [*] are marked with an asterisk, while other objects are displayed in gray.
- Change record
- A change record contains all details of a change, documenting the lifecycle of a single change. In its initial state, a change record describes a request for change (RFC) which is to be assessed and authorized prior to implementing the change. Further information is added as the change progresses through its lifecycle. [*]
- Compliance register
- The compliance register is a tool used by the compliance manager to keep an overview of all compliance requirements applicable to the service provider. The compliance register also states the controls and mechanisms put in place to ensure the service provider organization fulfills the compliance requirements. [*]
- Compliance review report
- A compliance review report records the details and findings from a compliance review or audit. This report is an important input for improving the service provider’s compliance with legal requirements, industry standards, etc. [*]
- Suggested process modification
- A suggestion for modifying one or several service management processes. Suggestions for process modifications or improvements may originate from anywhere within the organization.
- Suggested service modification
- A suggestion for modifying a service, for example to improve service quality or economics. Suggestions may originate from anywhere within or outside of the service provider organization.
Notes:
[*] "YaSM data objects" are those documents or records for which the YaSM model provides detailed recommendations: Every YaSM object has an associated checklist (see example) describing its typical contents, and an associated lifecycle diagram depicting how the status of the object changes as it is created, updated, read and archived by various YaSM processes (see example).
"Other objects" are mostly informal data or information where YaSM has less strong views about their contents. There are no associated lifecycle diagrams or checklists.
Process metrics
Process metrics are used, for example, to assess if the service management processes are running according to expectations.
For suggestions of suitable metrics, please refer to the list of metrics for the YaSM compliance process.
Roles and responsibilities
Process owner: The compliance manager's responsibility is to ensure that standards and guidelines are followed. In particular, this role ensures compliance with internal policies and external legal requirements.
| YaSM role / sub-process | Compliance manager | |
|---|---|---|
| SP9.1 | Identify compliance requirements | AR |
| SP9.2 | Define compliance controls | AR |
| SP9.3 | Perform compliance reviews | AR |
Notes
Is based on: The compliance prozess from the YaSM Process Map.
By: Stefan Kempter 
and Andrea Kempter , IT Process Maps.
Process description › Sub-processes › Process outputs › Metrics › Roles
