Authority gap assessment & automatic links

Learn how 6clicks supports your ongoing compliance posture by outlining changes between authority versions and automatically linking authority provisions to your internal controls.

Authority gap assessment

Leverage 6clicks authority gap assessment for streamlined compliance management across standards, frameworks and regulations.

Locate compliance authority

Compliance requirements supplied by 6clicks are located in the content library. The content library icon is in the top right.

Once in the content library, Authorities can be located using the Authority filter. 


Select any piece of content for an overview of the content itself and for a change summary referencing the previous version of that content, if it is available (indicated by the lilac tag Change log available).

Click into the content to check changes by clicking on View details in Change summary.

Click Add content to add it to your compliance module so you can create mappings or view the change log.

Compare authority versions

In the Compliance module, go to the authority and click on the Change log tab to see more details.

Similar to other compliance mappings powered by Hailey, the change log view shows the differences and similarities between the two versions of the document so that an organization can digest them. The categories for these changes are:

  • Unchanged
  • Updated
  • New
  • Removed

Clicking on a provision or statement that has been changed or updated will provide a side-by-side comparison of the provisions in question with details of the changes. 


Inherit responses from Requirement-Based Assessments (RBA)

Navigate to the Audits & Assessments section of the platform and begin by creating a Requirement-Based Assessment.

Prerequisites:

  • The Authority utilized for the new RBA has an applicable previous version mapped to it, with a previous assessment completed against that previous version, OR
  • The Authority utilized for the RBA has a previous assessment completed against it.

If either condition is met, new options will be available to reuse answers from those legacy assessments to populate the new assessment.

If at least one of the prerequisites noted above exists, once the assessment has been published, the Reuse Response button will be available. 

The Reuse Response function will attempt to populate the previous responses based on the completed mapping between the provisions. With the reused responses, you can select the relevant fields from the following:

  • Written responses to criteria fields
  • Issues & Actions
  • Risks
  • Attachments

To reuse the response, click Load Response.

Inherit responses from Question-Based Assessments (QBAs)

Navigate to the Audits & Assessments section of the platform and begin by creating a Question Based Assessment.

Prerequisites:

  • The Authority utilized for the new QBA has an applicable previous version mapped to it, with a previous assessment completed against that previous version, OR
  • The Authority utilized for the QBA has a previous assessment completed against it.

If either condition is met, new options will be available to reuse answers from those legacy assessments to populate the new assessment.

If at least one of the prerequisites noted above exists, once the assessment has been published, the Reuse Response button will be available. 

The Reuse Response function will attempt to populate the new assessment with the previous responses based on the completed mapping between the provisions. With the reused responses, the relevant fields can be selected and edited. These fields include: 

  • Written responses to criteria fields
  • Issues & Actions
  • Risks
  • Attachments

To reuse the responses, click Load Response.

Once the responses are loaded, the data is presented in the new assessment.

At this point, you can review and update your new assessment, updating or correcting any information applicable to your environment.

Automatic linking between authorities & controls

This section discusses automatic linking between authorities and controls, based on the authority change logs outlined above.

For linking authorities and controls in general, head here.

How does this help me?

In 6clicks, you can link your controls to compliance requirements to ensure that your organizational policies comply with standards or frameworks.

However, compliance requirements are often updated by the bodies that issue them.

Using changelogs, 6clicks can trace each requirement (provision) from the compliance framework (authority) that you mapped your controls to, to the most recent version so that you can stay informed of any gaps between your controls and the compliance requirements.


This functionality will keep track of each provision at each iteration so that even if you are skipping across multiple versions of the same authority, the latest equivalent provision will be automatically linked to your controls as soon as the latest authority is added to your environment.

For example, if you have controls linked to ISM March 2023, and add ISM June 2024 to your environment, 6clicks can bridge the gap between multiple versions and link the closest equivalent provisions.
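The tracing across versions described above can be sketched as follows. This is an added example, not 6clicks code or its API: the `Change` record, the `trace` and `relink` functions, and all provision and control IDs are constructed for illustration; only the four change categories come from the change log described on this page.

```python
from typing import NamedTuple, Optional

class Change(NamedTuple):          # hypothetical record, not a 6clicks format
    category: str                  # Unchanged | Updated | New | Removed
    old_id: Optional[str]          # None when category is New
    new_id: Optional[str]          # None when category is Removed

# Constructed change logs for three versions of one authority: v1->v2, v2->v3.
CHANGELOGS = [
    [Change("Unchanged", "P-01", "P-01"), Change("Updated", "P-02", "P-02"),
     Change("Removed", "P-03", None), Change("New", None, "P-04")],
    [Change("Unchanged", "P-01", "P-01"), Change("Updated", "P-02", "P-12"),
     Change("Unchanged", "P-04", "P-04"), Change("New", None, "P-05")],
]
CONTROL_LINKS = {"CTL-A": ["P-01", "P-03"], "CTL-B": ["P-02"]}  # links made against v1

def trace(provision_id, changelogs):
    """Follow one provision through consecutive change logs.
    Returns (latest equivalent ID or None, True if it was updated on the way)."""
    current, changed = provision_id, False
    for log in changelogs:
        step = {c.old_id: c for c in log if c.old_id is not None}.get(current)
        if step is None or step.category == "Removed":
            return None, True          # no equivalent in a later version
        changed = changed or step.category == "Updated"
        current = step.new_id
    return current, changed

def relink(control_links, changelogs):
    """Re-point every control at the latest equivalent provisions and report gaps."""
    links, gaps, review = {}, [], []
    for control, provisions in control_links.items():
        links[control] = []
        for old in provisions:
            latest, changed = trace(old, changelogs)
            if latest is None:
                gaps.append((control, old))            # linked provision has no successor
                continue
            links[control].append(latest)
            if changed:
                review.append((control, old, latest))  # re-check the control against new text
    in_latest = {c.new_id for c in changelogs[-1] if c.new_id is not None}
    linked = {p for ps in links.values() for p in ps}
    return links, gaps, review, sorted(in_latest - linked)  # last: uncovered provisions

if __name__ == "__main__":
    for label, value in zip(("links", "gaps", "review", "uncovered"),
                            relink(CONTROL_LINKS, CHANGELOGS)):
        print(label, value)
```

The `gaps`, `review` and uncovered lists are the items a compliance owner would check after a new authority version is added: links that no longer have a successor, links whose provision text changed, and provisions in the latest version that no control addresses.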

Prerequisites

For automatic linking between controls and provisions to occur, there are a couple of prerequisites.

  1. You need an authority which is supported (those that have changelogs available in the Content Library).
  2. You need a control set which is mapped or linked to this authority.

Automatic linking in action

In this example, some provisions from ISM March 2024 are linked to this control.

ISM June 2024 is added to the environment. Its equivalent provisions are now automatically linked to the control. You don't have to do anything else other than adding a different version of the same authority to your environment for this to take effect.

In summary, we can seamlessly link internal controls with compliance requirements as they change.