mirror of
https://github.com/strongdm/comply
synced 2024-11-05 07:25:26 +00:00
38 lines
1.4 KiB
Markdown
38 lines
1.4 KiB
Markdown
|
# {{.Name}} Compliance Program
|
||
|
|
|
||
|
|
High-level TODO created by [comply](https://github.com/strongdm/comply)
|
||
|
|
|
||
|
|
## Initialization Phase (hours)
|
||
|
|
- [ ] Add project to source control
|
||
|
|
- [ ] Verify `comply build` generates valid output
|
||
|
|
- [ ] Create ticketing credentials, configure via `comply.yml`
|
||
|
|
- [ ] Verify `comply sync` executes without errors
|
||
|
|
|
||
|
|
## Authoring Phase (weeks)
|
||
|
|
- [ ] Validate standards/, pruning as necessary
|
||
|
|
- [ ] Customize narratives/
|
||
|
|
- [ ] Customize policies/
|
||
|
|
- [ ] Distribute controls among policies
|
||
|
|
- [ ] Ensure policies address all controls
|
||
|
|
- [ ] Customize procedures/
|
||
|
|
- [ ] Distribute controls among procedures
|
||
|
|
- [ ] Create valid ticket templates
|
||
|
|
- [ ] Assign schedules
|
||
|
|
- [ ] Verify `comply todo` indicates all controls satisfied
|
||
|
|
|
||
|
|
## Deployment Phase (weeks)
|
||
|
|
- [ ] Deploy `comply scheduler` (see README.md for example script)
|
||
|
|
- [ ] Deploy `comply build` output to shared location
|
||
|
|
- [ ] Distribute policies to team
|
||
|
|
- [ ] Train team on use of ticketing system to designate compliance-relevant activity
|
||
|
|
|
||
|
|
## Operating Phase (eternal)
|
||
|
|
- [ ] Monitor timely ticket workflow
|
||
|
|
- [ ] Adjust and re-publish narratives, policies and procedures as necessary
|
||
|
|
|
||
|
|
## Audit Phase (weeks, annually)
|
||
|
|
- [ ] Import request list (tickets will be generated)
|
||
|
|
- [ ] Fulfill all request tickets
|
||
|
|
- [ ] Attach policies, procedures, and narratives
|
||
|
|
- [ ] Attach evidence collected by previously-executed procedure tickets
|