Expert Guides
      Back to home
      1. Knowledge Base Home
      2. Getting Started
      3. Expert Guides

      Hailey AI: Control Set to Authority Gap Analysis

      Map policies and control sets to authority documents automatically and action on any gaps within the platform using the 6clicks Issues and Actions functionality

      Topics covered in this article:

      1. Understanding Controls to Provisions Mapping 
      2. ​Data Collection and Integration
      3. Framework Identification and Scoping
      4. Controls to Provisions Mapping
      5. Provisions to Controls Mapping
      6. Reporting for Stakeholders

      Introduction

      Meet Hailey, the cutting-edge artificial intelligence (AI) system developed by 6clicks, designed to automate standards, frameworks and regulatory mapping and streamline risk and compliance activities. Hailey leverages advanced machine learning algorithms to empower organizations to navigate complex regulatory landscapes effortlessly.

      Key Benefits of Hailey:

      1. Efficiency Enhancement: Hailey significantly boosts efficiency by automating compliance mapping processes, reducing the time and effort required for such activities.

      2. Accurate Insights: Through its advanced AI capabilities, Hailey ensures precise and up-to-date data, offering organizations usable insights into regulatory compliance requirements and related compliance posture.

      3. Risk Mitigation: By providing a comprehensive overview of regulatory landscapes, Hailey enables proactive risk management and ongoing compliance, helping organizations avoid GRC challenges and pitfalls.

      How 6clicks leverages artificial intelligence today includes:

      1. Compliance mapping: Comparing authority documents (standards, laws, and regulations) made of individual provisions (clauses) to identify similarities and differences. This is extremely helpful for assessment cross-walking and streamlining multi-framework compliance.
      2. Policy/control gap analyis: Comparing policies/controls defined in 6clicks with authority documents to identify coverage and gaps.
      3. Policy/control set development:  Helping to draft policy/control set descriptions through synthesizing and paraphrasing linked provisions into controls.
      4. Assessment questions mapping: mapping similar audit and assessment questions previously answered.
      5. Assessment response generation: Generating a suggested answer to a question in an assessment based on similar questions previously answered.
      For more information about 6clicks' use of AI and ML technologies click here.

      Understanding Control Set to Authority Gap Analysis

      This process, facilitated by Hailey AI, involves mapping internal controls with external provisions in specified target authorities (standards, frameworks, and regulations) to identify areas of compliance and non-compliance. The benefit of using Hailey AI for this process is that it streamlines identifying compliance gaps for remediation and helps mitigate related risks. This process, which traditionally could take weeks, can now be done in seconds and to a high degree of accuracy while decreasing manual effort.

      To achieve a successful mapping request, an internal control set or policy must exist in the Policies & Controls module, which will be the source document, and an authority document must exist in the Compliance module, which will be the target document. Once the source and target documents have been selected, Hailey will do the rest, mapping controls in the source document to provisions in the target document and providing you with a source control set or policy mapped back to the target authority. 

      This powerful feature helps organizations quickly identify whether their policies and control sets are compliant and identify areas of non-compliance for immediate remediation, which is also managed in 6clicks.

      Download or import your control set

      By collecting and integrating relevant data into the 6clicks platform, compliance teams can effectively analyze and compare various standards and frameworks. 6clicks offers a comprehensive controls module. 

      • Objective: Lay the foundation for comprehensive analysis by accessing the 6clicks content library and adding a templated internal control set, which you will then map to an authority.

      • Actions:

        1. Use 6clicks Content Library to collect relevant control set data.
        2. Select the Control Set content type and find the 6clicks Cyber and Information Security Framework control set for this example.
        3. Select details and then add content.

       

      Framework Identification and Scoping

      Organizations can effectively define the scope of their analysis, ensuring that the Controls to Provisions Mapping process is targeted and aligned with the chosen cybersecurity compliance standards. This strategic approach enhances the accuracy and relevance of the mapping results, facilitating a more efficient compliance management process. This involves identifying relevant cybersecurity compliance control set standards, such as Acceptable Use, Business Continuity, and others to ensure a focused and comprehensive mapping.

      • Objective: Clearly define the scope of frameworks to be analyzed.

      • Actions:

        1. Navigate to the Controls module.
        2. Search for framework, for this example, we will use 6clicks Cyber and Information Security Framework.
        3. Review provision details are accurate.

      Controls to Provisions Mapping

      Controls to Provisions Mapping is a crucial process in regulatory compliance and cybersecurity management. It involves aligning internal controls, the specific measures organizations implement for risk mitigation and compliance, with external provisions from standards or regulations. The primary goal is to create a clear link between implemented controls and external regulatory requirements. This mapping ensures transparency, aids in risk management, and streamlines compliance efforts, allowing organizations to identify and address any potential gaps in their adherence to industry standards.

      • Objective: Navigate controls and policies seamlessly, mapping them to authority documents for a comprehensive compliance overview.
      • Action Steps:
      1. Navigate to Control Sets and select the 6clicks Cyber and Information Security Framework control set.
      2. Access the Mappings tab.
      3. Either create a new mapping with Hailey,  or select the pre-mapped authority filter, and select the ISO/IEC 27001:2013. We currently only support cyber security and privacy content.
      4. Review the linked children icon on the right of your screen, here you can view each associated authority provision tied to that specific control.

      Provisions to Controls Mapping

      The primary objective of provisions to control mapping is to understand the overlap between your internal controls and external compliance requirements in seconds rather than days.

      • Objective: Analyze how provisions align with controls and take action to address any identified gaps.
      • Actions:
      1. Click on the reverse icon to switch from Provisions to Controls mapping.
      2. Filter and view by selecting the authority ISO/IEC 27001:2013 and control set (blank) from the filter taskbar.
      3. Review the mapping details by clicking the arrow next to the provision to view the control mapping.
      4. Identify the gaps quickly and add additional controls if needed. Click the '+' next to controls to manually add additional controls, and link issues and actions to the provision by clicking the '+' next to issues and actions.

      Reporting for Stakeholders

      Reporting Controls Set to Authority Mapping provides stakeholders with a comprehensive view of the alignment between internal controls and external provisions, facilitating informed decision-making and ensuring ongoing compliance with industry standards.

      By leveraging Hailey AI and its cross-referencing capabilities, compliance professionals can streamline their efforts, identify overlaps and gaps, generate comprehensive mapping reports, and ensure ongoing compliance with the latest standards and frameworks.

      Prerequisites to be able to produce this report:

      1. Completed Hailey mapping.
      2. Have an  Authority Document.
      3. Build or import Control Sets.

      • Objective: Generate insightful reports for compliance and audit teams.

      • Actions:
      1. Navigate to the Analytics module.
      2. Select the menu icon and click browse.
      3. From browse, navigate to the dashboard section.
      4. Select Control Set to Authority Mapping.
      5. Utilize the filter feature to generate reports.

       

      By leveraging Hailey AI, 6clicks enables organizations to conduct a thorough Control Set to Authority Gap Analysis. This step-by-step guide empowers users to map policies and control sets effortlessly, identify gaps, and take action through the integrated Issues and Actions functionality.