mirror of https://github.com/strongdm/comply synced 2024-11-21 15:14:54 +00:00
comply/example
2021-10-19 16:05:25 -03:00
narratives Backporting new narrative content to Comply 2018-10-04 10:23:24 -04:00
policies Fixed formatting typo 2019-09-23 07:43:32 -04:00
procedures workstation procedure example 2018-05-18 12:33:08 -07:00
standards Initial commit 2018-05-15 14:13:11 -07:00
templates Update pandoc dockerfile and latex template and fix infinite build, fix pandoc always pull and fix strikethrough (#100, #103 and #115) 2021-10-19 16:05:25 -03:00
.gitignore Initial commit 2018-05-15 14:13:11 -07:00
comply.yml.example Optionally, authorship and approval information appended to policies (#54) 2018-08-29 15:39:50 -07:00
README.md Fix README typo 2019-08-15 13:32:37 -07:00
TODO.md Initial commit 2018-05-15 14:13:11 -07:00

{{.Name}} Compliance Program

This repository consolidates all documents related to the {{.Name}} Compliance Program.

Structure

Compliance documents are organized as follows:

narratives/     Narratives provide an overview of the organization and the compliance environment.
policies/       Policies govern the behavior of employees and contractors.
procedures/     Procedures prescribe specific steps that are taken in response to key events.
standards/      Standards specify the controls satisfied by the compliance program.
templates/      Templates control the output format of the HTML Dashboard and PDF assets.

Building

Assets are built using comply, which can be installed via brew install comply (macOS) or go get github.com/strongdm/comply.

Publishing

The output/ directory contains all generated assets. Links in the HTML dashboard are relative, and all dependencies are included via direct CDN references. The entire output/ directory, therefore, may be uploaded to an S3 bucket or another static asset host without further modification.

Dashboard Status

Procedure tracking is updated whenever comply sync is invoked. Invoke a sync prior to comply build to include the most current ticket status.

Procedure Scheduler

Any procedures/ that include a cron schedule will automatically be created in your configured ticketing system whenever comply scheduler is executed. The scheduler will backfill any overdue tickets.

Deployment Recommendation

Invoke a script similar to the following at least once per day:

#!/bin/bash
#
# prerequisites:
#   git access
#   ticketing configuration in comply.yml
#   upload.sh to publish static site
#

# get latest policies and procedures
git pull

# update ticketing status
comply sync

# trigger creation of scheduled tickets
comply scheduler

# build latest
comply build

# publish static site from output/ directory
upload.sh output/