Product: ComplianceDesktop

Regulation Diagram Dashboard

The Regulation Diagram is a central diagram used to capture regulations and document compliance.

On the collaboration platform the RegulationDiagram is view in a Diagram Dashboard (read more about Dashboard here)

As standard (QualiWare 10.10) there are 2 diagram dashboard available in the tool to the Regulation Diagram (and if needed they can be configured to fit you special need):

Click here to see how to shift between available layouts on a Dashboard.

Browsing Diagram Dashboard (Regulation Diagram)

The Regulation Diagram is the main focus of the Browsing dashboard, you can click each of the symbols to learn more (learn more about Responsive tiles here)

  • Description Tile shows the description (and the paragraph text) of the diagram (or selected object) (learn more about Context Dependent Tiles here)
  • Properties Tile shows the Properties of the diagram (or selected object) (learn more about Context Dependent Tiles here)
  • Highlight if – Default Highlight if available on Browsing Dashboards (learn more about Highlight if here)

Analyzing and Improving Diagram Dashboard (Regulation Diagram)

The Analyzing and Improving Dashboard also contains the Diagram, properties and description tiles, and in addition it contains a comprehensive set of features and analyses that can support you with all aspects of compliance in relation to a set of regulations.

  1. The Compliance Matrix is generated automatically based upon the regulation in the diagram, and their related complying object(s) and their audits
  2. Edit tile contains a set of Spreadsheets where data and relations can be managed and updated
  3. Highlight tile contains a set of Advanced highlights that are based upon derived relationships and underlying data. 
  4. Analyses tile contains a set of filterable Queries each focusing on a relevant subset of properties and relation to the regulations
  5. Audit view – Relevant for Business & Complying object Autogenerated Gantt Charts based upon the derived complying objects and their audits

Compliance Matrix

The Compliance matrix is generated automatically in QualiWare based upon the relations between the objects in the system. The Regulation Diagram is used to capture a set of regulations and the matrices are derived based upon the content (regulations) and their related complying objects.

On the Dashboard the tile lists regulations (relevant in the top, not relevant in the bottom), and their complying objects and the audits that are related to each complying object.

The compliance matrix can be expanded/toggled to full size (clicking in the top right corner). The full size contains an additional set of columns enabling you to analyze and focus on the relevant subset.

  1. The first columns contain properties about the regulation (paragraph number, text, relevant for business)
  2. Audits where the regulation is target regulation (name, audit date and audit governance state)
  3. Complying objects (responsible for the object, type of template, governance state of the object)
  4. Change request related to the complying object, and their governance state
  5. Non-Conformances related to the complying object, and their governance state
  6. Audits where the complying object is target object (name, audit date and audit governance state)

Learn more about compliance matrices here, and how to create and enrich the content contained in the compliance matrices).

Edit

The Edit tile contains a set of Spreadsheets grouped around 4 areas:

Justify relevance and associate complying objects

These Spreadsheets enable you to easily Enrich Regulations with details, map relevance, and associate complying objects:

Regulations Edit (Spreadsheet)

Regulations Edit (Spreadsheet)

This Spreadsheet lists all regulations (column B) in the RegulationDiagram (column A), and from here it is possible to:

    1. Mark whether a regulation is relevant – or not relevant for the business. Relevant regulations are in scope for the compliance activities, i.e. these are the ones you aim to document compliance for,
    2. Add paragraph (number), paragraph text, and regulation name for each regulation.
    3. See/create link to complying object(s) mapped to each regulation, and for each complying object you can see/update:
      • Template (this is derived from the complying object and cannot be changed. To change you must map a relevant object in Column G)
      • See/Change Responsible for the Complying object (or Add if missing)
      • See/Change Short description associated to the Complying object

Regulations Justifications (Spreadsheet)

Regulations Justifications (Spreadsheet)

This Spreadsheet lists all regulations (column B) in the RegulationDiagram (column A), and from here it is possible to:

    1. Mark whether a regulation is relevant – or not relevant for the business. Relevant regulations are in scope for the compliance activities, i.e. these are the ones you aim to document compliance for,
    2. See/update paragraph text for each regulation.
    3. See/create link to a justification related to the regulation, this can be used to elaborate (and document) justification for why a regulation is relevant (or not), and if relevant describe the intention and map target complying object
    4. See/create link to complying object(s) mapped to each regulation, and for each complying object you can see/update:
      • Template (this is derived from the complying object and cannot be changed. To change you must map a relevant object in Column L)
      • See/Change Responsible for the Complying object (or Add if missing)
      • See/Change Short description associated to the Complying object

Audit Planning and Scope

These Spreadsheets enable you to plan and scope audits related to the regulations. There are 2 spreadsheets, each focusing on a particular audit scope:

Audit Regulation Plan (Spreadsheet)

Audit Regulation Plan (Spreadsheet)

This Spreadsheet lists all regulations (column A) and focusing on audit related to each of the regulation:

    1. Mark whether a regulation is relevant – or not relevant for the business. Relevant regulations are in scope for the compliance activities, i.e. these are the ones that could be target in audit(s),
    2. See/create links to Audit(s) as (target regulation) for each regulation, and see/update:
      • Audit date for the linked audit(s)
    3. See/create link to Audit Program associated to the Audit

Audit Plan Complying Object (Spreadsheet)

Audit Plan Complying Object (Spreadsheet)

This Spreadsheet lists all regulations (column A) and focusing on audit related to each of the regulation:

    1. Mark whether a regulation is relevant – or not relevant for the business. Relevant regulations are in scope for the compliance activities, i.e. these are the ones where the complying objects could be target in audit(s),
    2. See/create links to Complying Object(s) for each regulation
    3. See/create links to Audit(s) as (target process) for each Complying Object, and see/update:
      • Audit date for the linked audit(s)
    4. See/create link to Audit Program associated to the Audit

Risks

These Spreadsheets enable you to work with Risk(s) related to the Regulation(s) on the Diagram and to risk(s) associated with the Complying object(s) related to the regulations:

Symbol Risk for Diagram (Spreadsheet)

Symbol Risk for Diagram (Spreadsheet)

This is the standard Risk Spreadsheet (available on Analyzing Diagram Dashboards) focusing on Risk related to the Symbols on the Diagram, i.e. the spreadsheet lists:

    1. Regulations (column A) on the Regulation Diagram
    2. Risk(s) related to each of the regulations, along with a set of properties related to the Risk
      • 2a Likelihood, Significance, Impacts scores
      • 2b Residual Likelihood and Significance for the risk after the:
    3. Control activity mitigating the risk to is residual score (2b), and who is responsible for the Control activity

Risk Complying Object Regulations (Spreadsheet)

Risk Complying Object Regulations (Spreadsheet)

This Spreadsheet lists all regulations (column A) and focusing on Risk related to each of the Complying objects related to each regulation:

    1. Regulation name and relevanse,
    2. See/create links to Complying Object(s) for each regulation
    3. See/create links to Risk(s) as concerned with each Complying Object, and see/update:
      • 3a Likelihood. Significance, Short Description for the Risk
      • 3b Residual Likelihood and Significance score for the risk after the:
    4. Control activity mitigating the risk to is residual score (3b), and who is responsible for the Control activity

Associated Regulation

This Spreadsheet enables you to work with two set of regulations and identifying gaps and similarities between the different – yet similar – standards or to identify changes and gaps between two different versions of the same standard:

Regulation-Link-Regulation (Spreadsheet)

Regulation-Link-Regulation (Spreadsheet)

This Spreadsheet supports the linkage of a regulation to an associated regulation:

    1. Regulations (column B) on the Regulation Diagram, including relevance score, paragraph number and paragraph text
    2. See/add Complying Object(s) to the regulation
    3. See/add Associated Regulation to the Regulation, and explore/compare:
      • Relevance score,  paragraph number and paragraph text
    4. Complying Object(s) related to associated regulation

This spreadsheet can be used to compare two sets of regulations, e.g.:

  • to indenty gaps between two standards (e.g. identify changes between two different versions of the same standard)
  • Compare standard X to standard Y, to ensure consistency and to match the complying objects to similar regulations in different regulation sets.

Highlight

The Highlight tile contains a set of Advanced highlights that are based upon derived relationships and underlying data. This enables the user to get an easy and comprehensive view whether a regulatory object is relevant for business, has complying objects and if so when it has last been audited.

Regulation Highlight – Relevant for Business

Highlight regulations whether they are marked as relevant for business or not.

Relevant and with complying objects

Highlight regulations whether they are marked as relevant for business or not, and wheter there are complying objects linked to the regulation.

Audit Scope and Schedule (Complying objects)

Highlight regulations based upon their most recent/planned audit of the complying object related to each regulation, that are marked as relevant for business (target process in the audit).

Audit Scope and Schedule (Target Regulation)

Highlight regulations based upon their most recent/planned audit for each relevant regulation (target regulation in the audit).

Analyses

The Analyses tile contains a set of filterable QRVs each focusing on a relevant subset of properties and relation to the regulations:

Audit View – Relevant for Business & Complying objects

The Audit View shows an automatically generated Gantt Chart, based upon the Relevant Regulations, and their complying objects and their associated audits:

  1. all the Regulations, that are relevant for business
  2. all complying object related to the regulation
  3. all audits that are related to the complying object

The Gantt Chart is explorable, it is possible to click the small triangles to the left of the objects, to drill down to see the next level for each of the rows.

Compliance Matrices – Step by Step

This page introduces how to work with compliance matrices in QualiWare. The description is based upon a standard QualiWare 10.10 Diagram Dashboard for RegulationDiagrams.

The page goes through how to create a regulations diagram with regulations, enrich the regulations with complying objects, manage that these complying objects have been audited, and monitor if there are any findings (change request or non-conformances) related to the complying objects.

Create RegulationDiagram with relevant Regulations

This first step to establish compliance is to create/import the relevant regulations into QualiWare. This is done by creating one of more RegulationDiagrams with relevant regulations.

From the Compliance Desktop this can be easily done through the getting started tile.

From the Gettings started tile, you can import a set of regulations from a csv-file using the smart importer.

From the Create Compliance Content you can create different types of compliance related objects including individual regulation(s) and regulation diagrams.

The diagram enables you to collect a set of regulations, which is the foundation for a compliance matrix. The RegulationDiagram can be modelled in the Web-Modeler.

In the Web-Modeler you can model the relevant regulation(s) in the RegulationDiagram to get a relevant scope of e.g. an ISO standard or other type of regulation.

In the webmodeler, you can use the various accelerators to create the diagram, such as QualiAI, or Text-To-Model (click links to learn more about the features).

Enrich Regulations with details, map relevance, and associate complying objects.

Once the Regulations are created/collected in a RegulationDiagram, it is time to enrich the relevant details for each of the regulations.

This can easily done from the edit tile on the standard “Analyzing and Improving” Dashboard for the RegulationDiagram (learn more about Diagram Dashboards here).

From the Edit tile on the RegulationDiagram – Analyzing and Improving Dashboard you have access to two spreadsheets under “Justify relevance and associate complying objects:

Regulations Edit (Spreadsheet)

This Spreadsheet lists all regulations (column B) in the RegulationDiagram (column A), and from here it is possible to:

    1. Mark whether a regulation is relevant – or not relevant for the business. Relevant regulations are in scope for the compliance activities, i.e. these are the ones you aim to document compliance for,
    2. Add paragraph (number), paragraph text, and regulation name for each regulation.
    3. See/create link to complying object(s) mapped to each regulation, and for each complying object you can see/update:
      • Template (this is derived from the complying object and cannot be changed. To change you must map a relevant object in Column G)
      • See/Change Responsible for the Complying object (or Add if missing)
      • See/Change Short description associated to the Complying object

Regulations Justifications (Spreadsheet)

This Spreadsheet lists all regulations (column B) in the RegulationDiagram (column A), and from here it is possible to:

    1. Mark whether a regulation is relevant – or not relevant for the business. Relevant regulations are in scope for the compliance activities, i.e. these are the ones you aim to document compliance for,
    2. See/update paragraph text for each regulation.
    3. See/create link to a justification related to the regulation, this can be used to elaborate (and document) justification for why a regulation is relevant (or not), and if relevant describe the intention and map target complying object
    4. See/create link to complying object(s) mapped to each regulation, and for each complying object you can see/update:
      • Template (this is derived from the complying object and cannot be changed. To change you must map a relevant object in Column L)
      • See/Change Responsible for the Complying object (or Add if missing)
      • See/Change Short description associated to the Complying object

Compliance Matrices

In the RegulationDiagram Dashboard there is access to a set of standard compliance matrices related to the RegulationDiagram and the regulation objects contained in the diagram.

From the Analyses tile, you have access to a set of standard QRVs that can be used to monitor and analyses the status of the regulations complying objects:

Regulations Hierarchy (QRV)

This QueryResultView is useful when you have larger set of regulations, that you choose to model in a 2-level hierarchy, enabling you to focus on relevant parts and keeping the overview of the different levels in a larger structure. If a regulation is comprehensive, it can be beneficial to break it down in two levels, where:

  • 1st Level contains the overview with the regulation describing of the different parts, e.g. chapters of a directive, such as GDPR, NIS2 or CSRD, each of these regulations are decomposed into a detailed diagram (2nd level)
  • 2nd level contains a regulation diagram for each part with all the relevant sub-paragraphs of the regulation.

The QRV is structured the following way:

  1. Contains the 1st Level Regulation Diagram, i.e. the Diagram you are currently viewing in the Dashboard.
  2. Information about the Level 1 Regulations, i.e. the Regulations contained in the 1st level Regulation Diagram
  3. Information about 2nd Level Diagram and Level 2 Regulations, i.e. if a Level 1 Regulation is linked (Breaks Down To) to a separate diagram, it is listed along with the regulations in that diagram
  4. Shows Category asscociated to the Level 2 Regulation object, this can be used to categorize the regulations (and collarcode)
  5. List Complying objects linked to the Level 2 Regulations.

Comprehensive regulations (e.g. from EU) can benefit from being modeled in 2 levels, these can be comprehensive and often only a subset of a regulation is relevant on a business level (while other parts addresses regulation relevant on a national or international level). But of course, this can also be applied to other types of standards as well.

Regulations Compliance Matrix (QRV)

This QueryResultView – like the Regulation Edit – lists:

  1. Regulations contained in the diagram, Relevant for business, and paragraph text for each regulation
  2. Complying object(s) linked to each regulation, as well as information about what Template type the complying object is and the responsible for each complying object.

This QueryResultView can be used to search the regulation text, and get an overview of:

  • what complying objects that are linked to each regulation, and
  • who is responsible for each complying object

It is easy to filter the list and search in the regulation text to find relevant parts, and from a compliance completeness point of view, you can check:

  • that all relevant regulations have relevant complying objects associated (and if not, a gap is identified).
  • that all complying objects have a responsible allocated (and if not, a gap is identified).

Regulation Compliance Analysis (QRV)

This QueryResultView takes a step further in the analysis of compliance fulfillment. Again, with the outset in the regulations in the diagrams the query shows:

  1. Regulations contained in the diagram, Relevant for business, and paragraph text for each regulation
  2. Complying object(s) linked to each regulation, as well as information about what Template type the complying object is, the short description of the object and the responsible and owner for each complying object.
  3. All associated Audits where the complying object is target process(object) along with details about the audit (Audit type, Audit Date) and the Governance State of the audit.

As the Regulation Compliance Matrix this QueryResultView can be used to search the regulation text, and get and overview of:

  • what complying objects that are linked to each regulation, and
  • who is responsible for each complying object
  • if and when the complying object have been part of an audit and the status of the audit

It is easy to filter the list and search in the regulation text to find relevant parts, and from a compliance completeness point of view, you can check:

  • that all relevant regulations have relevant complying objects associated (and if not, a gap is identified).
  • that all complying objects have a responsible allocated (and if not, a gap is identified).
  • that all relevant complying objects has been / will be a part of an audit, if planned audits have been executed, verified and closed, and if the audit are within a reasonable timeframe (audit plan).

Regulation Gap Analysis (QRV)

This QueryResultView takes a step further in the analysis of compliance fulfillment, and focuses on the complying objects and if there are any Gaps (Change Requests) related to the complying objects. Again, with the outset in the regulations in the diagrams the query shows:

  1. Whether each of the regulations are relevant for business
  2. Complying object(s) linked to each regulation, the responsible and owner for each complying object.
  3. All associated Change Requests related to the complying object along with details about the Change Request (ID, Short Description, Responsible) and the Governance State of the Change Request.

This QueryResultView can be used to get an overview of the status (and gaps) related to the complying objects:

  • the focus of this query is to ensure that all change requests are handled, i.e. have responsible and are progressing as planned (and closed before next audit)

A change request can e.g. identified as part of an audit, which are the focus of the previous QRV (Regulation Compliance Analysis)

Manage Complaints

This list shows all the Complaints in the repository, including their key properties. From this point, new complain can be created and existing ones can be analysed and edited.

The Manage Complaints list is available from the tile on the Compliance Desktop.

  • Manage Complaints Tile (standard Compliance Desktop in QualiWare (version 10.9 and earlier)).

 

 

 

 

 

 

 

 

 

 

The list can also be accessed from the left-menu under Compliance.

If you click a Complaint you get a more details view, based upon the Complaint-Template.

From this dialog the responsible can edit the complaint and progress it through the governance phases.

Below is the standard GovernanceWorkflow for Non-conformance management shown, this flow can be adjusted if needed, see the GovernanceWorkflow for more details.

Risk Management

QualiWare contains a comprehensive set of features and functions to related to all aspects of risk management.

Risk Management in QualiWare

In QualiWare you get a full modern enterprise risk tool, where you can manage all level of risk in the organization.

All stages of a risk can be captured and managed in the system from:

  • Registration of new risk, including categorization and type
  • Assessment on inherent likelihood and probability
  • Setting the risk appetite, targeting desired risk likelihood and significance
  • Mitigation of risk through defining/associating controls, and thereof mitigated likelihood and significance
  • Monitor the risks, through controls, and ongoingly evaluation of sufficiency of controls and/or creating and managing control deficiencies and corrective actions

Risk can be associated to any object in QualiWare and can be:

  • Distributed in the organization, e.g. a processresponsible can create and assess risk associated to her/his processes,
  • Handled on an enterprise level, considering all risks, or all IT-related risk and managing the overall risk portfolio according to the risk appetite and priorities in the organization.

In addition QualiWare also have full support for Business continuity Management, enabling you to etablish and manage:

  • Business Impact Analysis (analyse what can go wrong, in the case of a disruption or disaster)
  • Resilience plan (how can we prevent and prepare for what can go wrong)
  • Recovery plan for what we do if something goes wrong
  • Contingency plan that handles how to prepare, train and test the business in case somethings goes wrong

There is a dedicated Risk Management Desktop and Menu available in the QualiWare tools a long with a set of reports and analysis functionality such as list, highlights and visualizations.

Risks in QualiWare

A Risk can be described using the Risk-template, where it can be described, scored and associated to content and controls.

A risk can be associated to any type of object in the repository.

In QualiWare a Risk can be :

  • Associated to one of more objects, e.g a process (concerns)
  • Has a responsible person (HasResponsible)
  • Has a type (Type)
  • Associated to a risk category (HasRiskCategory)
  • Be reduced by a Control (Reduce)

A Control:

  • Is an activity in a process
  • Can be documented in an evaluation

Risk Menu in QualiWare

The Risk menu contains a set of lists of overviews, that supports the risks from identification, assessment, mitigation and monitoring.

Risk Management Desktop in QualiWare

The Risk Management desktop in QualiWare provides the user with fast access to all essential features related to all aspects of risk management.

Read more about the Risk Management Desktop here

Business Continuity Management

QualiWare 10.3 supports the development and implementation of a business continuity management system supporting ISO 22301. The new features are positioned under the Risk menu and contains four major deliverables:

  • Business Impact Analysis
  • Resilience Plan
  • Recovery plan
  • Contingency Plan

– as well as a series of relevant analysis report.

Read more about the Business Continuity here

Video Highlights

This video walkshrough the risk management elements in QualiWare.

This video walkshrough the business continuity management elements in QualiWare.

Risk Management Desktop

Note that this page describes the standard Risk Management Desktop in QualiWare (version 10.9 and earlier).

The Risk Management desktop in QualiWare provides the user with fast access to all essential features related to all aspects of risk management.

The Risk Management desktop support all aspects of a modern integrated risk management system.

This includes:

Furtermore the desktop contains a set of comprehensive lists with all risks in the repository, where the user can explore and update the risks and associated objects:

  • Risk Register: Use this feature to register Risks, categorize risks and assign responsibilties and context.
  • Risk Assessment: Use this feature to update risks with Likelihood and Significance, Risk appetite and various impact properties such as Finacial impact, Reputation impact and Legal Impact.
  • Risk and Control: Use this feature to update risks with Controls and the residual risk level.
  • Evaluations: Use this feature to document the evaluation of controls, the findings and conclusions.
  • Control Deficiencies: Use this feature to manage discovered Control Deficiencies, responsibilities and recommended actions.
  • Corrective Actions: Use this feature to define and follow up on Corrective Actions, status and closing information.

In addition, there are access to different lists of risks, heatmaps, and graphs.

Go to Video Highlights.

Register Risk

A risk can registered directly from the desktop.

Note that Risks can also be easily created (and/or associated) in relation to specific content from the dashboard edit view.

The risk can be described using a set of properties, and the risk can be assessed.

A risk can be associated to one or more object(s) in the repository.

Risk Register

A risk can be described and categorised using a set of parameters, the risk can be bulked edited from the Risk Register.

Risk Assessment

A risk can be assessed using a set of parameters (likelihood and Significance), and can be bulked edited from the Risk Assessment Register.

Risk and Control

  • A risk can be mitigated by a control
  • A control can be associated to one or more risks.
  • After a control the risk has a residual likelihood and significance

Evaluations

A control can be evaluated, and the evaluations can be documented

Control Deficiencies

A control deficiency can be created and associated to an evaluation.

Corrective Actions

Follow up on corretive actions related to Non-Conformancies and control deficiencies

Risk Lists

QualiWare support ERM. You can work with risk on ”all levels”, and you can associate risk to all objects in the repository.

The dekstops contains a set of lists that show risks associated to different types of objects.

Queries in QualiWare can be sorted and filtered, and it is possible to export lists to excel/pdf.

Below is an example of the list of Process Risks.

Risk Heatmaps

QualiWare support ERM. You can work with risk on ”all levels”, and you can associate risk to all objects in the repository.

The Inherent Risk Heatmaps shows the risks in a 5 x 5 heatmap based upon the inherent risk levels.

The Residual Risk Heatmaps shows the risks in a 5 x 5 heatmap based upon the residual risk levels (after one or more controls have been implemented).

Video Highlights

This video introduces Risk Management in QualiWare

Compliance Charts

Charts give a fast overview of the amount and distribution of different types of content according to their status.

A set of statistics chars are available from on the Compliance Desktop showing the distribution of the different types of process diagrams (BusinessProcessNetworks, WorkflowDiagram, BusinessProcessDiagrams), audit, non-conformancies, and change requests according to their governance status.

The charts group the different types of objects and displays the number of objects in each of the governance stages. The governance stages are defined as part of the governance workflow for the different types of objects.

Process Completion Level

To help facilitate a consistent and an aligned level of process documentation, a set of completeness score are available in the tool.

Two process completion lists are available from the standard Process menu. The lists are structured in a similar way, but differ in the scope. The first list contains all the business process networks in the repository, the 2nd list includes all workflow diagrams and Business Process Diagrams.

 

 

 

 

 

 

 

 

Business Process Completion” lists all the Business Process Networks and their Business Processes and calculates a completeness score for the diagram as well as each business process.

The completeness score of the diagram is a calculated based upon how many of the following fields have been filled out:

  1. Owner (OwnedBy),
  2. Responsible (HasResponsible),
  3. Description (Description),
  4. Valid from (RevisionValidFrom),
  5. Valid to (RevisionValidTo)

The completeness score of the business process is a calculated based upon how many of the following fields have been filled out:

  1. Owner (OwnedBy),
  2. Responsible (HasResponsible),
  3. ShortDescription (ShortDescription),
  4. Description (Description),
  5. Purpose (Purpose),
  6. Resources (Employs),
  7. UsesInformation (UsesInformation),
  8. IT Support (HasITSupport),
  9. Deliver Capability (DeliverCapability),
  10. Compliance With (ComplianceWith),
  11. Associated Document (AssociatedDocument),
  12. Valid from (RevisionValidFrom),
  13. Valid to (RevisionValidTo)

 

 

 

 

 

The fields in the calculation corresponds to the fields in the standard “Business Properties” spreadsheet available in the diagram view on the dashboard layout or on the tab in the classic view. In addition to the 11 fields in the spreadsheet, the completeness score includes the two validation dates (Valid from and Valid to).

 

 

It is possible to configure the scope of the completeness score, selecting the appropriate fields in the underlying query.

Work Process Completion”  lists all WorkFlowDiagrams and BusinessProcessDiagrams and their Activities, and calculates their completeness score for the diagram and each of the activities.

The calculation is similar to the one above for the Business Process Network. The only exception is that the activity completion is calculated based upon 12 fields, since “Purpose” is not part of an activity-object.

Diagram level completion

The two lists in the left menu, shows the completion level for all process-diagrams in the repository.

The completion level for a specific diagram is also available from the diagram-dashboards, under the “Analyses” tiles.

Process GRC Overview

As a compliance manager overseeing a management system, it’s crucial to maintain an overview of its content. This includes understanding which processes are available, approved, and validated, as well as knowing who is responsible for each process.

Two lists of processes are available from the standard Process menu. The lists are structured in a similar way, but differs in the scope.

  • The first list contains all the business process networks in the repository,

 

  • the 2nd list includes all process related diagrams, i.e. includes all workflow diagrams and Business Process Diagrams as well.

 

 

 

 

 

The lists displays “Positions” as process owner and responsible, and shows the person holding the position, as well as Termination Date (if available) of the person.

The overviews provide a comprehensive status of all the processes and can be used to monitor their statuses:

  • What governance state is the process in (it is approved or under development)?
  • is the process still valid?
  • does the process have an assigned position as process owner and process responsible.
  • does the position have a position holder.
  • and is the person still employed, or will he/she leave the company soon?

If the termination date has passed the cell will be colored red.

 

Manage Corrective Actions

This list shows the Corrective Actions in the repository, including their key properties. A Corrective Action can be created in relation to a Non-Conformance or Control Deficiency.  From the list below a new Corrective Actions can be created and existing ones can be analysed.

The Manage Corrective Actions list is available from the tile on the Compliance Desktop.

  • Manage Corrective Actions Tile (standard Compliance Desktop in QualiWare (version 10.9 and earlier)).

 

 

 

 

 

 

 

 

 

 

 

 

 

The list can also be accessed from the left-menu under Compliance.

 

 

 

 

 

 

 

 

If you click a Corrective Action you get a more detailed view, based upon the CorrectiveAction-Template.

From this dialog the responsible can edit the corrective action and progress it through the governance phases.

Below is the standard GovernanceWorkflow for Corrective Action Management shown, this flow can be adjusted if needed, see the GovernanceWorkflow for more details.

As part of the standard Non-Conformance Governance Workflow, you can add a Corrective Action to a Non-conformance when it is in “implementation” governance state (this can be configured, read more about GovernanceWorkFlows here).

And associated Corrective Action(s) can be seen on a dedicated tab on a Non-Conformance.

Compliance Matrices

An essential aspect of compliance is documenting the link between a set of regulations (for example, an ISO standard when pursuing certification) and the corresponding objects in the management systems that fulfill these regulations or requirements.

Compliance Matrices in QualiWare 10.10

Compliance matrices are generated automatically in QualiWare based upon the relations between the objects in the system. The Regulation Diagram is used to capture a set of regulations and the matrices are derived based upon the content (regulations) and their related complying objects. (Learn more about how to create and enrich the content contained in the compliance matrices).

In QualiWare 10.10 the Diagram Dashboard for RegulationDiagram contains a set of standard compliance matrices.

The Dashboard contains a tile with a query showing relevant regulations, their complying objects and their related audits.

The compliance matrix can be expanded/toggled to full size (clicking in the top right corner). The full size contains an additional set of columns enabling you to analyze and focus on the relevant subset.

  1. The first columns contain properties about the regulation (paragraph number, text, relevant for business)
  2. Audits where the regulation is target regulation (name, audit date and audit governance state)
  3. Complying objects (responsible for the object, type of template, governance state of the object)
  4. Change request related to the complying object, and their governance state
  5. Non-Conformances related to the complying object, and their governance state
  6. Audits where the complying object is target object (name, audit date and audit governance state)

Other tiles on the Diagram Dashboard for RegulationDiagram support essential steps related to compliance matrices and compliance analysis.

The Edit tile contains a set of Editable Spreadsheets where data and relations can be managed and updated:

Click here to explore the full list of spreadsheets available in the Edit tile on the Regulation Diagram Dashboard.

The Analyses tile contains a set of filterable QRVs each focusing on a relevant subset of properties and relation to the regulations:

The Highlight tile contains a set of Advanced highlights that are based upon derived relationships and underlying data. This enables the user to get an easy and comprehensive view whether a regulatory object is relevant for business, has complying objects and if so when it has last been audited.

Click here to explore the full list of Highlights available in the Highlight tile on the Regulation Diagram Dashboard.

See the detailed step-by-step description of Compliance Matrices in QualiWare 10.10 here.

 

 

 

 

 

 

Compliance Matrices in QualiWare 10.9 and earlier

The Compliance Matrices are available from the standard tiles on the Compliance Desktop (version 10.9 and earlier). One tile for regulatory compliance and another for requirements.

 

 

The Compliance Matrices can also be accessed from the left-menu under Compliance.

 

 

 

 

 

 

 

 

 

 

 

 

The tile “Compliance and Gap Analysis” and the menupoint “Regulatory compliance” provides access to the list of Regulation Diagrams in the repository. The Regulation Diagram allows the user to create a diagram containing the relevant regulation for a specific purpose. This may be the entire set of clauses in an ISO standard, or it may be a selected set of regulations that the business needs to document compliance towards.

Note, you need to add a regulation diagram / requirement diagram to the repository, to get content in the compliance matrix. Click here to learn how to create a compliance matrix.

When a Regulation Diagram is selected in the list, the tool does not show a diagram. Instead, two analysis tabs with compliance analysis and gap analysis are available. The Compliance Analysis looks like this:

The left part of the compliance analysis lists the objects complying with a regulation. If compliance is missing, the Complying object part of that row will be empty (see section below for how to add content to the complying object). The right part of the analysis details the audits that have been executed with focus on the complying objects. This way, the auditor can easily find the validation of a compliance, and identify needs for target to upcoming audits.

The gap analysis includes the same left part as the compliance analysis, but the right part shows a list of Change Requests defined for the complying objects:

With this analysis, it is easy to see which changes are required to reach the desired level of compliance.

Similar tabs and compliance matrices are associated to the requirement models.

Create a Compliance Matrix

  1. To create a compliance matrix, you need to create a regulation diagram or a requirement model that contains the relevant regulations or requirements in scope for your organisation (see more here)
  2. Once you have created the regulations/requirements in the repository, you can associate the relevant complying objects in the repository to each of the relevant regulations/requirements
    • You link from the complying object to the regulation via the “Compliance With” association
    • The easiest way to establish the link is via the standard “Property” spreadsheets on the process dashboards on the “Edit” tile.

  • In the example above the compliance with relation is established “from” the complying object to the regulation, you can also insert the relation from each regulations “to” the complying objects using the Edit tile on the RegulationDashboard.

Click here to see a more detailed step by step guide of how to work with compliance matrices in QualiWare 10.10.