The compliance module within Mango is an ideal way to manage requirements associated with ISO Standards and legislation.
Legislation doesn't stand still. There is constantly new legislation being passed, whilst existing requirements may be repealed. The same is true for Standards, which are periodically reviewed and updated - although there is normally an extended transition period in place for these.
Mango makes it easy to manage these changes. Within the system administration area of the compliance module, you can set up different statuses. Often, many users start with the simple statuses of 'compliant' or 'not compliant', but you can introduce other things too. Here are some that we like to use:
To be reviewed - you've identified a requirement that is relevant to your organisation, but you don't yet know whether you meet the requirements or not.
Compliant - you have satisfied yourselves that you have sufficient evidence that you fully meet the requirements of the clause / Standard or legislation cited.
Not compliant - gaps exist in your system, and you cannot currently demonstrate that the requirement is controlled.
Not applicable - this can be useful when using the compliance module to manage the Statement of applicability for ISO 27001, and would be used to show that one of the Annex A controls was in fact not applicable to your organisation.
Repealed - used to indicate that a piece of legislation has been repealed (and it is likely that there is now a newer, more up to date, peice of legislation in play)
(Of course, you can have other statuses, if that is useful to your organisation.)
The latter option shown on our list is a great way of showing that something is no longer relevant, or, essentially, archiving a piece of legislation (which is what sparked the idea for this post!). You will still have the full history, including details of what had done to ensure compliance when the legislation was in force.
Would you add any additional statuses to our list? Why not share your thoughts in the comments below, or email us via info@penarth.co.uk.
Comentarios