e3efe3d74f
soc2: fixup minor typos |
||
---|---|---|
.. | ||
narratives | ||
policies | ||
procedures | ||
standards | ||
templates | ||
README.md | ||
TODO.md |
{{.Name}} Compliance Program
This repository consolidates all documents related to the {{.Name}} Compliance Program.
Structure
Compliance documents are organized as follows:
narratives/ Narratives provide an overview of the organization and the compliance environment.
policies/ Policies govern the behavior of employees and contractors.
procedures/ Procedures prescribe specific steps that are taken in response to key events.
standards/ Standards specify the controls satisfied by the compliance program.
templates/ Templates control the output format of the HTML Dashboard and PDF assets.
Building
Assets are built using comply
, which can be installed via brew install comply
(macOS) or go get github.com/strongdm/comply
Publishing
The output/
directory contains all generated assets. Links in the HTML dashboard are relative, and all dependencies are included via direct CDN references. The entire output/
directory, therefore, may be uploaded to an S3 bucket or another static asset host without further modification.
Dashboard Status
Procedure tracking is updated whenever comply sync
is invoked. Invoke a sync prior to comply build
to include the most current ticket status.
Procedure Scheduler
Any procedures/
that include a cron
schedule will automatically created in your configured ticketing system whenever comply scheduler
is executed. The scheduler will backfill any overdue tickets.
Deployment Recommendation
Invoke a script similar to the following at least once per day:
#!/bin/bash
#
# prerequisites:
# git access
# ticketing configuration in comply.yml
# upload.sh to publish static site
#
# get latest policies and procedures
git pull
# update ticketing status
comply sync
# trigger creation of scheduled tickets
comply scheduler
# build latest
comply build
# publish static site from output/ directory
upload.sh output/