SP9: Ensure compliance: Difference between revisions
From YaSM Service Management Wiki
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
<itpmch><title>SP9: Ensure compliance | YaSM Service Management Wiki</title> | <itpmch><title>SP9: Ensure compliance | YaSM Service Management Wiki</title> | ||
<meta name="keywords" content="compliance service provider, yasm compliance management, service management compliance process" /> | <meta name="keywords" content="compliance service provider, yasm compliance management, service management compliance process" /> | ||
<meta name="description" content="YaSM | <meta name="description" content="YaSM compliance management is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements." /> | ||
<meta property="og:url" content="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" /> | <meta property="og:url" content="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" /> | ||
<meta property="og:title" content="SP9: Ensure compliance | YaSM Service Management Wiki" /> | <meta property="og:title" content="SP9: Ensure compliance | YaSM Service Management Wiki" /> | ||
<meta property="og:description" content="YaSM | <meta property="og:description" content="YaSM compliance management is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements." /> | ||
<meta property="og:site_name" content="YaSM"> | <meta property="og:site_name" content="YaSM"> | ||
<meta property="og:type" content="article" /> | <meta property="og:type" content="article" /> | ||
<meta property="fb:admins" content="100002035253209" /> | <meta property="fb:admins" content="100002035253209" /> | ||
<meta property="fb:admins" content="100002592864414" /> | <meta property="fb:admins" content="100002592864414" /> | ||
<meta property="og:image" content="https://yasm.com/wiki/en/img/yasm-process-definition/what-is-compliance-management-process.jpg" /> | |||
<meta property="og:image:width" content="1050" /> | |||
<meta property="og:image:height" content="525" /> | |||
<meta property="og:image" content="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" /> | <meta property="og:image" content="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" /> | ||
<meta property="og:image:width" content="647" /> | <meta property="og:image:width" content="647" /> | ||
| Line 16: | Line 19: | ||
<meta name="twitter:creator" content="@yasmcom"> | <meta name="twitter:creator" content="@yasmcom"> | ||
<meta name="twitter:title" content="SP9: Ensure compliance"> | <meta name="twitter:title" content="SP9: Ensure compliance"> | ||
<meta name="twitter:description" content="YaSM's | <meta name="twitter:description" content="YaSM compliance management is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements."> | ||
<meta name="twitter:image" content="https://yasm.com/wiki/en/img/yasm-process/ | <meta name="twitter:image" content="https://yasm.com/wiki/en/img/yasm-process-definition/what-is-compliance-management-process.jpg"> | ||
<meta name="twitter:image:alt" content=" | <meta name="twitter:image:alt" content="The compliance management process in YaSM: Definition | To ensure that services, processes and systems comply with relevant legal requirements, standards, enterprise policies etc."> | ||
<link href="https://plus.google.com/104150539756444616711/posts" rel="publisher" /> | <link href="https://plus.google.com/104150539756444616711/posts" rel="publisher" /> | ||
</itpmch> | </itpmch> | ||
| Line 32: | Line 35: | ||
==Process description== | ==Process description== | ||
<html><div itemid="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" itemscope itemtype="https://schema.org/ImageObject"> | <html>Many organizations are subject to various types of compliance requirements, such as laws, industry standards, etc.</p> | ||
<p><span id="md-itempage-description" itemprop="description">YaSM compliance management is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements.</span></p> | |||
<p>All applicable compliance requirements are managed through the compliance register, where the properties of the requirements are described. The compliance register also lists any compliance controls or mechanisms which need to be in place to achieve compliance. In this respect, compliance controls and mechanisms may be technical solutions or suitable organizational procedures built into the service management processes, policies and guidelines.</p> | |||
<div itemid="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" itemscope itemtype="https://schema.org/ImageObject"> | |||
<a href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="Ensure compliance. - YaSM process SP9" itemprop="contentUrl"> | <a href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" title="Ensure compliance. - YaSM process SP9" itemprop="contentUrl"> | ||
<meta itemprop="width" content="647" /> | <meta itemprop="width" content="647" /> | ||
| Line 41: | Line 50: | ||
<img style="margin:20px 0px 10px 0px; float:left;" src="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" width="647" height="306" title="Ensure compliance. - YaSM process SP9" alt="Fig. 1: Ensure compliance. - YaSM compliance process SP9." /></a><br style="clear:both;"/> | <img style="margin:20px 0px 10px 0px; float:left;" src="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" width="647" height="306" title="Ensure compliance. - YaSM process SP9" alt="Fig. 1: Ensure compliance. - YaSM compliance process SP9." /></a><br style="clear:both;"/> | ||
<div class="thumbcaption"><span style="font-variant:small-caps;"><b>Figure 1:</b></span> <small><span itemprop="caption">"Ensure compliance". - YaSM supporting service management process SP9.</span></small></div></div><br style="clear:both;"/> | <div class="thumbcaption"><span style="font-variant:small-caps;"><b>Figure 1:</b></span> <small><span itemprop="caption">"Ensure compliance". - YaSM supporting service management process SP9.</span></small></div></div><br style="clear:both;"/> | ||
<p>Typically, the compliance process will be called upon to assess the implications on compliance requirements when services or processes are to be established or modified.</p> | <p>Typically, the compliance process will be called upon to assess the implications on compliance requirements when services or processes are to be established or modified.</p> | ||
| Line 56: | Line 61: | ||
==Sub-processes== | ==Sub-processes== | ||
<html> | <html>The compliance management process in YaSM has the following sub-processes:</p> | ||
<p> </p> | <p> </p> | ||
| Line 87: | Line 92: | ||
<meta itemprop="alternateName" content="Compliance management process outputs" /> | <meta itemprop="alternateName" content="Compliance management process outputs" /> | ||
<meta itemprop="alternateName" content="Compliance management data objects" /> | <meta itemprop="alternateName" content="Compliance management data objects" /> | ||
<p><span itemprop="description">This section lists the documents and records produced by | <p><span itemprop="description">This section lists the documents and records produced by the compliance process.</span> YaSM data objects <a href="#ydo" title="YaSM data object">[*]</a> are marked with an asterisk, while other objects are displayed in gray.</p> | ||
<p> </p> | <p> </p> | ||
| Line 109: | Line 114: | ||
<hr /> | <hr /> | ||
<p><i><b>Notes:</b></i> | <p><i><b>Notes:</b></i> | ||
</p><p><span id="ydo"><strong>[*]</strong> <i>"YaSM data objects"</i> are those documents or records for which the YaSM model provides detailed recommendations: Every YaSM object has an associated checklist (see <a | </p><p><span id="ydo"><strong>[*]</strong> <i>"YaSM data objects"</i> are those documents or records for which the YaSM model provides detailed recommendations: Every YaSM object has an associated checklist (see <a href="https://yasm.com/wiki/en/index.php/Service_Management_Checklists" title="Example: YaSM checklists and document templates">example</a>) describing its typical contents, and an associated lifecycle diagram depicting how the status of the object changes as it is created, updated, read and archived by various YaSM processes (see <a href="https://yasm.com/wiki/en/img/yasm-project/Yasm-object-lifecycle-diagram.jpg" title="Example: YaSM object lifecycle diagram (.JPG)">example</a>).</span> | ||
</p><p><i>"Other objects"</i> are mostly informal data or information where YaSM has less strong views about their contents. There are no associated lifecycle diagrams or checklists.</html> | </p><p><i>"Other objects"</i> are mostly informal data or information where YaSM has less strong views about their contents. There are no associated lifecycle diagrams or checklists.</html> | ||
| Line 150: | Line 155: | ||
== Notes == | == Notes == | ||
Is based on: The compliance | <html><div itemid="https://yasm.com/wiki/en/img/yasm-process-definition/what-is-compliance-management-process.jpg" itemscope itemtype="https://schema.org/ImageObject"> | ||
<a href="https://yasm.com/wiki/en/img/yasm-process-definition/what-is-compliance-management-process.jpg" title="Compliance management: process definition" itemprop="contentUrl"> | |||
<img style="display: block; float: left; margin-right: 20px" src="https://yasm.com/wiki/en/img/yasm-process-definition/what-is-compliance-management-process.jpg" width="320" height="160" title="Compliance management: process definition" alt="What is compliance management? Definition of the compliance process SP9 from the YaSM framework." /> | |||
<meta itemprop="caption" content="Ensure compliance | YaSM compliance management | Process definition SP9" /> | |||
<meta itemprop="width" content="1050" /> | |||
<meta itemprop="height" content="525" /></a></div> | |||
<div style="margin-left: 30%; color:#636363"> | |||
<p style="margin-top: 0;">Is based on: The compliance prozess from the <a href="https://yasm.com/en/products/yasm-process-map" title="YaSM Process Map">YaSM Process Map</a>.</p> | |||
< | <p><small>By:  Stefan Kempter <a rel="author" href="https://plus.google.com/111925560448291102517/about"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/google.jpg" width="16" height="16" title="By: Stefan Kempter | Profile on Google+" alt="Author: Stefan Kempter, IT Process Maps GbR" /></a>  and  Andrea Kempter <a href="https://plus.google.com/113316270668629760475/about"><img style="margin:0px 0px 0px 0px;" src="/wiki/en/img/yasm-wiki/bookmarking/google.jpg" width="16" height="16" title="By: Andrea Kempter | Profile on Google+" alt="Contributor: Andrea Kempter, IT Process Maps GbR" /></a>, IT Process Maps.</small><br style="clear:both;"/></div><p> | ||
<p> </p> | <p> </p> | ||
| Line 191: | Line 203: | ||
<!-- define schema.org/CreativeWork --> | <!-- define schema.org/CreativeWork --> | ||
<div itemscope itemtype="https://schema.org/CreativeWork"> | |||
<link id="md-type-process" itemprop="additionalType" href="http://www.productontology.org/id/Business_process" /> | <link id="md-type-process" itemprop="additionalType" href="http://www.productontology.org/id/Business_process" /> | ||
<meta itemscope itemprop="mainEntityOfPage" itemType="https://schema.org/ItemPage" | |||
itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" itemref="md-itempage-description"> | itemid="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" itemref="md-itempage-description"> | ||
<meta itemprop="name" content="SP9: Ensure compliance" /> | |||
<meta itemprop="alternateName" content="YaSM compliance management process" /> | |||
<link itemprop="url" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance" /> | |||
<link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.1"> | |||
<link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.2"> | |||
<link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#SP9.3"> | |||
<link itemprop="hasPart" href="https://yasm.com/wiki/en/index.php/SP9:_Ensure_compliance#Process_outputs"> | |||
<link itemprop="image" href="https://yasm.com/wiki/en/img/yasm-process/Ensure-compliance-yasm-sp9.jpg" /> | |||
<link itemprop="image" href="https://yasm.com/wiki/en/img/yasm-process-definition/what-is-compliance-management-process.jpg" /> | |||
<link itemprop="isPartOf" href="https://yasm.com/wiki/en/index.php/YaSM_Processes#supporting-service-management-processes" /> | |||
<meta itemprop="isBasedOnUrl" content="https://yasm.com/en/products/yasm-process-map" /> | |||
<meta itemprop="inLanguage" content="en" /> | |||
<link itemprop="citation" href="https://yasm.com/wiki/de/index.php/SP9:_Sicherstellen_von_Compliance" /> | |||
<link itemprop="publisher" href="https://yasm.com/en/#YaSMBrand" /> | |||
<link itemprop="copyrightHolder creator" href="https://yasm.com/en/contact#ITProcessMapsOrg" /> | |||
<link itemprop="author" href="https://yasm.com/en/misc/team#StefanKempter" /> | |||
<link itemprop="contributor" href="https://yasm.com/en/misc/team#AndreaKempter" /> | |||
</div><p></html> | </div><p></html> | ||
Revision as of 12:02, 28 April 2018
Process name: Ensure compliance - Part of: Supporting service management processes
Previous process: Prepare for disaster events
Next process: Manage human resources
Process description
Many organizations are subject to various types of compliance requirements, such as laws, industry standards, etc.
YaSM compliance management is responsible for identifying the compliance requirements which are relevant for the organization's services, processes and systems and for defining the approach for fulfilling those requirements.
All applicable compliance requirements are managed through the compliance register, where the properties of the requirements are described. The compliance register also lists any compliance controls or mechanisms which need to be in place to achieve compliance. In this respect, compliance controls and mechanisms may be technical solutions or suitable organizational procedures built into the service management processes, policies and guidelines.
Figure 1: "Ensure compliance". - YaSM supporting service management process SP9.
Typically, the compliance process will be called upon to assess the implications on compliance requirements when services or processes are to be established or modified.
If the compliance manager detects that compliance controls and mechanisms need to be upgraded, it will be the responsibility of the service or process owners to create those controls as part of the service or process implementation.
Note: YaSM provides a basic process for ensuring compliance with laws, regulations, industry standards, etc., which highlights the most important compliance-related activities and describes the interfaces with the other YaSM processes.
Sub-processes
The compliance management process in YaSM has the following sub-processes:
- SP9.1: Identify compliance requirements
- Process objective: To identify the compliance requirements which need to be fulfilled by the service provider.
- SP9.2: Define compliance controls
- Process objective: To define the objectives and specify the details of the controls and mechanisms which need to be put in place to fulfill the compliance requirements.
- SP9.3: Perform compliance reviews
- Process objective: To submit the compliance controls and mechanisms to regular reviews, and to identify areas where compliance must be improved.
Process outputs
This section lists the documents and records produced by the compliance process. YaSM data objects [*] are marked with an asterisk, while other objects are displayed in gray.
- Change record
- A change record contains all details of a change, documenting the lifecycle of a single change. In its initial state, a change record describes a request for change (RFC) which is to be assessed and authorized prior to implementing the change. Further information is added as the change progresses through its lifecycle. [*]
- Compliance register
- The compliance register is a tool used by the compliance manager to keep an overview of all compliance requirements applicable to the service provider. The compliance register also states the controls and mechanisms put in place to ensure the service provider organization fulfills the compliance requirements. [*]
- Compliance review report
- A compliance review report records the details and findings from a compliance review or audit. This report is an important input for improving the service provider’s compliance with legal requirements, industry standards, etc. [*]
- Suggested process modification
- A suggestion for modifying one or several service management processes. Suggestions for process modifications or improvements may originate from anywhere within the organization.
- Suggested service modification
- A suggestion for modifying a service, for example to improve service quality or economics. Suggestions may originate from anywhere within or outside of the service provider organization.
Notes:
[*] "YaSM data objects" are those documents or records for which the YaSM model provides detailed recommendations: Every YaSM object has an associated checklist (see example) describing its typical contents, and an associated lifecycle diagram depicting how the status of the object changes as it is created, updated, read and archived by various YaSM processes (see example).
"Other objects" are mostly informal data or information where YaSM has less strong views about their contents. There are no associated lifecycle diagrams or checklists.
Process metrics
Process metrics are used, for example, to assess if the service management processes are running according to expectations.
For suggestions of suitable metrics, please refer to the list of metrics for the YaSM compliance process.
Roles and responsibilities
Process owner: Compliance manager
- The compliance manager's responsibility is to ensure that standards and guidelines are followed. In particular, this role ensures compliance with internal policies and external legal requirements.
| YaSM role / sub-process | Compliance manager | |
|---|---|---|
| SP9.1 | Identify compliance requirements | AR |
| SP9.2 | Define compliance controls | AR |
| SP9.3 | Perform compliance reviews | AR |
Notes
Is based on: The compliance prozess from the YaSM Process Map.
By: Stefan Kempter 
and Andrea Kempter , IT Process Maps.
Process description › Sub-processes › Process outputs › Metrics › Roles
