Compliance+ Module

The Compliance+ module is your central hub for managing risk and compliance activities. Each section—Controls, Documents, Frameworks, Tests, Risk Assessments, and Risk Scenarios—works on its own but also links together to form a complete compliance management system.

📋 Controls

Overview
Controls are the measures you put in place to mitigate risks. They define what you do to reduce exposure and stay compliant.

What you see

• Control name and description

• Linked frameworks and risk scenarios

• Renewal period

• Associated tests, documents, frameworks, and risk scenarios in View Control

How to use it

1. Navigate to Controls in Compliance+.

2. Click Add Control to create a new one.

3. Enter details, link frameworks and scenarios.

4. Review effectiveness based on test results.

Connections

• Controls are tied to risk scenarios.

• Tests validate control effectiveness.

📂 Documents

Overview
Documents are the foundation of compliance, including policies, procedures, agreements, and contracts.

What you see

• Centralized repository of documents

• Associations to controls, frameworks, and scenarios

• Version history and change log

Uploads

• Documents support versioned uploads. Uploading a new file keeps the old version and tracks the change automatically.

How to use it

1. Go to View Documents.

2. Select Document Versions tab

3. Click Upload Document to add a new document.

4. See version history and linked components.

Connections

• Documents link across controls, scenarios, and frameworks to provide necessary documentation for each compliance section.

🧩 Frameworks

Overview
Frameworks give structure to your compliance program. They align activities with regulatory standards and industry best practices.

What you see

• Framework name and description

• Associated assessments

• Active/inactive status

How to use it

1. Go to Frameworks.

2. Add or activate a framework.

3. Use View Frameworks to see associated assessments, scenarios, controls, and documents.

Connections

• Frameworks connect directly to scenarios, controls, and risk assessments.

✅ Tests

Overview
Tests verify whether controls are properly implemented and effective.

What you see

• Associated control

• Evidence uploads

• Pass/fail result

• Test history

Uploads

• Tests include evidence uploads such as reports, screenshots, or logs.

How to use it

1. Navigate to Tests.

2. Click Add Test and select the related control.

3. Use View Test to upload evidence and record pass/fail.

4. Review historical results in the log.

Connections

• Tests → validate controls.

• Results feed into risk assessments.

📊 Risk Assessments

Overview
Risk Assessments combine frameworks, scenarios, controls, and documents into a structured evaluation.

What you see

• Name, description, and assessment details

• View related frameworks and scenarios in View Risk Assessments

• Overall and residual risk ratings

Complete Assessment

• When completing an assessment, you first see a snapshot of scenarios (likelihood, impact, residual risk).

• Once completed, the snapshot is saved and can be viewed anytime under View Risk Assessments in the Completed Assessment tab.

How to use it

1. Go to Risk Assessments

2. Click Create New and create a new assessment with due dates and a renewal period.

3. Once the assessment is ready for review, review the snapshot and complete the assessment.

4. Completing the assessment will move the future due date based on the renewal period.

Connections

• Risk assessments bring everything together into a full risk profile.

⚠️ Risk Scenarios

Overview
Risk Scenarios define the “what if” situations where risks may occur.

What you see

• Scenario name and description

• Likelihood and impact ratings

• Inherent and Residual risk ratings (auto-calculated)

• Associated frameworks, assessments, and categories.

How to use it

1. Go to Risk Scenarios.

2. Add or edit scenarios and set likelihood/impact.

3. Link scenarios to frameworks and risk assessments.

Connections

• Scenarios link to frameworks, controls, documents, and assessments.

• They feed directly into risk assessments.