Need a Policy? Use One of These.
The Policy Generator is a quick way to create customized policies for your organization. Many of the controls can be fully or partially satisfied by providing evidence of company-specific policies.
Why Use the Policy Generator?
Let’s use Control 3.3.5 as an example. The control requirement states: “Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity”.
The ComplyUp Comments give us a bit more information on how to respond.
Let’s look at the Evidence Recommendations.
It looks like two Policy Templates are available that would work quite well with this control. Let’s head over to the Policy Generator.
Policy Generator Usage
The Policy Generator lists a series of templates available for customization.
Click on a policy to load it in the Policy Editor.
The policy editor pre-populates the template with your Organization’s Name. Use the editor to make changes to the policy so it aligns with your organization’s guidelines.
Many of the policies can be associated with more than one control. The Security Response Plan mentioned earlier is appropriate evidence for several controls: 3.3.5, 3.6.1, 3.6.2, 3.6.3, 3.13.14. Decide if you’d like to auto-associate this template to all recommended controls, then click Save in the Save Policy section. The template will be saved as a PDF and added to the Evidence View.