mirror of https://github.com/strongdm/comply synced 2024-12-26 23:31:37 +00:00
comply/themes/comply-soc2
Rodolfo Campos e3efe3d74f
Merge pull request #80 from adamdecaf/2019-12-24-typos
soc2: fixup minor typos
2021-09-21 12:02:48 +02:00
narratives soc2: fixup minor typos 2019-12-24 11:04:25 -06:00
policies soc2: fixup minor typos 2019-12-24 11:04:25 -06:00
procedures automated asset refresh (via Makefile) 2018-05-18 12:35:06 -07:00
standards soc2: fixup minor typos 2019-12-24 11:04:25 -06:00
templates automated asset refresh (via Makefile) 2018-05-17 23:21:18 -07:00
README.md Fix README typo 2019-08-15 13:34:52 -07:00
TODO.md Initial commit 2018-05-15 14:13:11 -07:00

{{.Name}} Compliance Program

This repository consolidates all documents related to the {{.Name}} Compliance Program.

Structure

Compliance documents are organized as follows:

narratives/     Narratives provide an overview of the organization and the compliance environment.
policies/       Policies govern the behavior of employees and contractors.
procedures/     Procedures prescribe specific steps that are taken in response to key events.
standards/      Standards specify the controls satisfied by the compliance program.
templates/      Templates control the output format of the HTML Dashboard and PDF assets.

Building

Assets are built using comply, which can be installed via brew install comply (macOS) or go get github.com/strongdm/comply.

Publishing

The output/ directory contains all generated assets. Links in the HTML dashboard are relative, and all dependencies are included via direct CDN references. The entire output/ directory, therefore, may be uploaded to an S3 bucket or another static asset host without further modification.

Dashboard Status

Procedure tracking is updated whenever comply sync is invoked. Invoke a sync prior to comply build to include the most current ticket status.

Procedure Scheduler

Any procedures/ that include a cron schedule will automatically be created in your configured ticketing system whenever comply scheduler is executed. The scheduler will backfill any overdue tickets.

Deployment Recommendation

Invoke a script similar to the following at least once per day:

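#!/bin/bash
#
# prerequisites:
#   git access
#   ticketing configuration in comply.yml
#   upload.sh to publish static site
#

# stop at the first failed step so a failed pull, sync or build is never published
set -euo pipefail

# get latest policies and procedures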
git pull

# update ticketing status
comply sync

# trigger creation of scheduled tickets
comply scheduler

# build latest
comply build

# publish static site from output/ directory
upload.sh output/