SP9: Ensure compliance: Difference between revisions

From YaSM Service Management Wiki
No edit summary
No edit summary
Line 14: Line 14:
<link href="https://plus.google.com/104150539756444616711/posts" rel="publisher" />
<link href="https://plus.google.com/104150539756444616711/posts" rel="publisher" />
</itpmch>
</itpmch>
<html><a href="https://yasm.com/wiki/de/index.php/SP9:_Sicherstellen_von_Compliance"><img src="https://yasm.com/wiki/en/img/yasm-wiki/yasm-wiki-deutsch.png" width="48" height="30" style="float:right;" alt="auf Deutsch" title="diese Seite auf Deutsch" /></a><br style="clear:both;"/></html>
<html><div class="floatright"><div class="noresize"><map name="ImageMap_yasm-wiki-share"><area href="https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fyasm.com%2Fwiki%2Fen%2Findex.php%2FSP9%3A_Ensure_compliance&hl=en_US&source=YaSM%20Wiki" class="plainlinks" rel="nofollow" shape="rect" coords="55,0,99,36" alt="share this page on LinkedIn" title="share this page on LinkedIn"/><area href="https://twitter.com/intent/tweet?url=https%3A%2F%2Fyasm.com%2Fwiki%2Fen%2Findex.php%2FSP9%3A_Ensure_compliance&text=%23YaSMwiki%20%7C%20Ensure%20compliance%20-%20Supporting%20service%20management%20process%20SP9%0A%E2%96%BA&lang=en&via=yasmcom" class="plainlinks" rel="nofollow" shape="rect" coords="97,0,140,36" alt="share this page on Twitter" title="share this page on Twitter"/></map><img alt="share this page" src="https://yasm.com/wiki/en/img/yasm-wiki/YaSM-Wiki-share.png" width="140" height="36" usemap="#ImageMap_yasm-wiki-share"/></div></div><div class="noresize"><a href="https://yasm.com/wiki/de/index.php/SP9:_Sicherstellen_von_Compliance"><img src="https://yasm.com/wiki/en/img/yasm-wiki/YaSM-Wiki-Deutsch.png" width="140" height="36" style="float:left;" alt="auf Deutsch" title="This page in German" /></a></div><br style="clear:both;"/>
<p>&nbsp;</p>
<p>&nbsp;</p>


'''Process name:''' [[#Process_description|Ensure compliance]] - '''Part of:''' [[YaSM_Processes#supporting-service-management-processes|Supporting service management processes]]
<p><b>Process name:</b> <a href="#Process_description">Ensure compliance</a> - <b>Part of:</b> <a href="/wiki/en/index.php/YaSM_Processes#supporting-service-management-processes" title="YaSM processes: The supporting service management processes">Supporting service management processes</a>
 
</p><p><b>Previous process:</b> <a href="/wiki/en/index.php/SP8:_Prepare_for_disaster_events" title="SP8: Prepare for disaster events">Prepare for disaster events</a>
'''Previous process:''' [[SP8: Prepare for disaster events|Prepare for disaster events]]
</p><p><b>Next process:</b> <a href="/wiki/en/index.php/SP10:_Manage_human_resources" title="SP10: Manage human resources">Manage human resources</a></html>
 
'''Next process:''' [[SP10: Manage human resources|Manage human resources]]


<p>&nbsp;</p>
<p>&nbsp;</p>
Line 51: Line 49:
==Sub-processes==
==Sub-processes==


<html><!-- define schema.org/CreativeWork --><div itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Sub-processes" itemscope="itemscope" itemtype="https://schema.org/CreativeWork">
<html>YaSM's compliance management process <i>'SP9: Ensure compliance'</i> has the following sub-processes:</p>
<link itemprop="additionalType" href="http://www.productontology.org/id/Business_process" />
<meta itemprop="name" content="Compliance processes" />
<meta itemprop="alternateName" content="YaSM compliance management processes: definitions" />
<p><span itemprop="description">YaSM's compliance management process <i>'SP9: Ensure compliance'</i> has the following sub-processes:</span>
</p>
<p>&#160;</p>
<p>&#160;</p>


<div itemprop="hasPart" itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#process-SP9.1" itemscope itemtype="https://schema.org/CreativeWork">
<!-- define schema.org/CreativeWork -->
<div itemprop="hasPart" itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.1" itemscope itemtype="https://schema.org/CreativeWork">
<meta itemprop="alternateName" content="YaSM compliance management process SP9.1" />
<meta itemprop="alternateName" content="YaSM compliance management process SP9.1" />
<dl id="SP9.1"><dt itemprop="name">SP9.1: Identify compliance requirements</dt>
<dl id="SP9.1"><dt itemprop="name">SP9.1: Identify compliance requirements</dt>
Line 65: Line 59:
</div>
</div>
<p><br /></p>
<p><br /></p>
<div itemprop="hasPart" itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#process-SP9.2" itemscope itemtype="https://schema.org/CreativeWork">
<div itemprop="hasPart" itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.2" itemscope itemtype="https://schema.org/CreativeWork">
<meta itemprop="alternateName" content="YaSM compliance management process SP9.2" />
<meta itemprop="alternateName" content="YaSM compliance management process SP9.2" />
<dl id="SP9.2"><dt itemprop="name">SP9.2: Define compliance controls</dt>
<dl id="SP9.2"><dt itemprop="name">SP9.2: Define compliance controls</dt>
Line 71: Line 65:
</div>
</div>
<p><br /></p>
<p><br /></p>
<div itemprop="hasPart" itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#process-SP9.3" itemscope itemtype="https://schema.org/CreativeWork">
<div itemprop="hasPart" itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.3" itemscope itemtype="https://schema.org/CreativeWork">
<meta itemprop="alternateName" content="YaSM compliance management process SP9.3" />
<meta itemprop="alternateName" content="YaSM compliance management process SP9.3" />
<dl id="SP9.3"><dt itemprop="name">SP9.3: Perform compliance reviews</dt>
<dl id="SP9.3"><dt itemprop="name">SP9.3: Perform compliance reviews</dt>
<dd itemprop="description">Process objective: To submit the compliance controls and mechanisms to regular reviews, and to identify areas where compliance must be improved.</dd></dl>
<dd itemprop="description">Process objective: To submit the compliance controls and mechanisms to regular reviews, and to identify areas where compliance must be improved.</dd></dl>
</div>
</div><!-- end of schema.org/CreativeWork --><p></html>
</div><!-- end of schema.org/CreativeWork --><p></html>


Line 82: Line 75:
==Process outputs==
==Process outputs==


<html><div itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_outputs" itemscope="itemscope" itemtype="https://schema.org/CreativeWork"><!-- define schema.org/CreativeWork -->
<html>This section lists the documents and records produced by <i>'Ensure compliance'</i>. YaSM data objects <a href="#ydo" title="YaSM data object">[*]</a> are marked with an asterisk, while other objects are displayed in gray.</p>
<meta itemprop="name" content="YaSM process SP9: documents and records" />
<meta itemprop="alternateName" content="Compliance management process outputs" />
<meta itemprop="alternateName" content="Compliance management data objects" />
<p><span itemprop="description">This section lists the documents and records produced by <i>'Ensure compliance'</i>.</span> YaSM data objects <a href="#ydo" title="YaSM data object">[*]</a> are marked with an asterisk, while other objects are displayed in gray.</p>
<p>&#160;</p>
<p>&#160;</p>


Line 103: Line 92:
<dl style="color:#636363"><dt>Suggested service modification</dt>
<dl style="color:#636363"><dt>Suggested service modification</dt>
<dd>A suggestion for modifying a service, for example to improve service quality or economics. Suggestions may originate from anywhere within or outside of the service provider organization.</dd></dl>
<dd>A suggestion for modifying a service, for example to improve service quality or economics. Suggestions may originate from anywhere within or outside of the service provider organization.</dd></dl>
</div><!-- end of schema.org/CreativeWork --><p>


<p>&nbsp;</p>
<p>&nbsp;</p>
Line 156: Line 144:


<p><small>
<p><small>
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<span itemprop="breadcrumb" itemscope itemtype="http://schema.org/BreadcrumbList">
<a href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_description" itemprop="url"><span itemprop="title">Process description</span></a>
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem">
</span>
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_description">
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<span itemprop="name">Process description</span></a>
<a href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Sub-processes" itemprop="url"><span itemprop="title">Sub-processes</span></a>
<meta itemprop="position" content="1" /></span>
</span>
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem">
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Sub-processes">
<a href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_outputs" itemprop="url"><span itemprop="title">Process outputs</span></a>
<span itemprop="name">Sub-processes</span></a>
</span>
<meta itemprop="position" content="2" /></span>
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem">
<a href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_metrics" itemprop="url"><span itemprop="title">Metrics</span></a>
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_outputs">
</span>
<span itemprop="name">Process outputs</span></a>
<span itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb">
<meta itemprop="position" content="3" /></span>
<a href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Roles_and_responsibilities" itemprop="url"><span itemprop="title">Roles</span></a>
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem">
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_metrics">
<span itemprop="name">Metrics</span></a>
<meta itemprop="position" content="4" /></span>
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem">
<a itemprop="item" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Roles_and_responsibilities">
<span itemprop="name">Roles</span></a>
<meta itemprop="position" content="5" /></span>
</span>
</span>
</small></p>
</small></p>
Line 178: Line 173:
   <meta itemprop="alternativeHeadline" content="YaSM process for ensuring compliance" />
   <meta itemprop="alternativeHeadline" content="YaSM process for ensuring compliance" />
   <link itemprop="url" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" />
   <link itemprop="url" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" />
   <span itemprop="hasPart" itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Sub-processes" itemscope itemtype="https://schema.org/CreativeWork">
   <link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.1">
   </span>
  <link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.2">
  <span itemprop="hasPart" itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_outputs" itemscope itemtype="https://schema.org/CreativeWork">
   <link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.3">
  </span>
   <link itemprop="primaryImageOfPage" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" />
   <link itemprop="primaryImageOfPage" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" />
   <link itemprop="image" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" />
   <link itemprop="image" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" />

Revision as of 12:07, 31 May 2017

share this page on LinkedInshare this page on Twittershare this page
auf Deutsch


 

Process name: Ensure compliance - Part of: Supporting service management processes

Previous process: Prepare for disaster events

Next process: Manage human resources

 

Process description

Fig. 1: Ensure compliance. - YaSM compliance process SP9.
Figure 1: "Ensure compliance". - YaSM supporting service management process SP9.


Many organizations are subject to various types of compliance requirements, such as laws, industry standards, etc. The YaSM process for ensuring compliance ("SP9: Ensure compliance") is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements.

All applicable compliance requirements are managed through the compliance register, where the properties of the requirements are described. The compliance register also lists any compliance controls or mechanisms which need to be in place to achieve compliance. In this respect, compliance controls and mechanisms may be technical solutions or suitable organizational procedures built into the service management processes, policies and guidelines.

Typically, the compliance process will be called upon to assess the implications on compliance requirements when services or processes are to be established or modified.

If the compliance manager detects that compliance controls and mechanisms need to be upgraded, it will be the responsibility of the service or process owners to create those controls as part of the service or process implementation.

Note: YaSM provides a basic process for ensuring compliance with laws, regulations, industry standards, etc., which highlights the most important compliance-related activities and describes the interfaces with the other YaSM processes.

 

Sub-processes

YaSM's compliance management process 'SP9: Ensure compliance' has the following sub-processes:

 

SP9.1: Identify compliance requirements
Process objective: To identify the compliance requirements which need to be fulfilled by the service provider.


SP9.2: Define compliance controls
Process objective: To define the objectives and specify the details of the controls and mechanisms which need to be put in place to fulfill the compliance requirements.


SP9.3: Perform compliance reviews
Process objective: To submit the compliance controls and mechanisms to regular reviews, and to identify areas where compliance must be improved.

 

Process outputs

This section lists the documents and records produced by 'Ensure compliance'. YaSM data objects [*] are marked with an asterisk, while other objects are displayed in gray.

 

Change record
A change record contains all details of a change, documenting the lifecycle of a single change. In its initial state, a change record describes a request for change (RFC) which is to be assessed and authorized prior to implementing the change. Further information is added as the change progresses through its lifecycle. [*]


Compliance register
The compliance register is a tool used by the compliance manager to keep an overview of all compliance requirements applicable to the service provider. The compliance register also states the controls and mechanisms put in place to ensure the service provider organization fulfills the compliance requirements. [*]


Compliance review report
A compliance review report records the details and findings from a compliance review or audit. This report is an important input for improving the service provider’s compliance with legal requirements, industry standards, etc. [*]


Suggested process modification
A suggestion for modifying one or several service management processes. Suggestions for process modifications or improvements may originate from anywhere within the organization.


Suggested service modification
A suggestion for modifying a service, for example to improve service quality or economics. Suggestions may originate from anywhere within or outside of the service provider organization.

 

Notes:

[*] "YaSM data objects" are those documents or records for which the YaSM model provides detailed recommendations: Every YaSM object has an associated checklist (see example) describing its typical contents, and an associated lifecycle diagram depicting how the status of the object changes as it is created, updated, read and archived by various YaSM processes (see example).

"Other objects" are mostly informal data or information where YaSM has less strong views about their contents. There are no associated lifecycle diagrams or checklists.

 

Process metrics

Process metrics are used, for example, to assess if the service management processes are running according to expectations.

For suggestions of suitable metrics, please refer to the list of metrics for the YaSM compliance process.

 

Roles and responsibilities

Process owner: Compliance manager

  • The compliance manager's responsibility is to ensure that standards and guidelines are followed. In particular, this role ensures compliance with internal policies and external legal requirements.

 

Responsibility matrix: "SP9: Ensure compliance"
YaSM role / sub-process Compliance manager
SP9.1 Identify compliance requirements AR
SP9.2 Define compliance controls AR
SP9.3 Perform compliance reviews AR

 

Notes

Is based on: The compliance management process from the YaSM Process Map.

By:  Stefan Kempter   and  Andrea Kempter Contributor: Andrea Kempter, IT Process Maps GbR, IT Process Maps.

 

Process description  › Sub-processes  › Process outputs  › Metrics  › Roles

Retrieved from "https://yasm.com/wiki/en/index.php?title=SP9:_Ensure_compliance&oldid=486"