Expert Guides
      Back to home
      1. Knowledge Base Home
      2. Getting Started
      3. Expert Guides

      Hailey AI: Control Set to Authority Gap Analysis

      Map policies and control sets to authority documents automatically and address any gaps within the platform using the 6clicks Issues and Actions functionality

      Topics covered in this article:

      1. Understanding Controls to Provisions Mapping
      2. ​Data Collection and Integration
      3. Framework Identification and Scoping
      4. Controls to Provisions Mapping
      5. Provisions to Controls Mapping
      6. Reporting for Stakeholders

      Introduction

      Meet Hailey, the cutting-edge artificial intelligence (AI) system developed by 6clicks, designed to automate standards, frameworks and regulatory mapping and to streamline risk and compliance activities. Hailey leverages advanced machine learning algorithms to empower organizations to navigate complex regulatory landscapes effortlessly.

      Key Benefits of Hailey:

      1. Efficiency Enhancement: Hailey significantly boosts efficiency by automating compliance mapping processes, reducing the time and effort required for such activities

      2. Accurate Insights: Through its advanced AI capabilities, Hailey ensures precise and up-to-date data, offering organizations usable insights into regulatory compliance requirements and related compliance posture

      3. Risk Mitigation: By providing a comprehensive overview of regulatory landscapes, Hailey enables proactive risk management and ongoing compliance, helping organizations avoid GRC challenges and pitfalls

      How 6clicks leverages artificial intelligence today includes:

      1. Compliance mapping: Comparing authority documents (standards, laws, and regulations) made of individual provisions (clauses) to identify similarities and differences. This is extremely helpful for assessment cross-walking and streamlining multi-framework compliance.
      2. Policy/control gap analyis: Comparing policies/controls defined in 6clicks with authority documents to identify coverage and gaps
      3. Policy/control set development:  Helping to draft policy/control set descriptions through synthesizing and paraphrasing linked provisions into controls
      4. Assessment questions mapping: mapping similar audit and assessment questions previously answered
      5. Assessment response generation: Generating a suggested answer to a question in an assessment based on similar questions previously answered

      Understanding Control Set to Authority Gap Analysis

      This process, facilitated by Hailey AI, involves mapping internal controls with external provisions in specified target authorities (standards, frameworks, and regulations) to identify areas of compliance and non-compliance. 

      To achieve a successful mapping request, an internal control set or policy must exist in the Policies & Controls module and any external requirements must have been added to the Compliance module. 

      Download or import your control set

      • Objective: Lay the foundation for comprehensive analysis by accessing the 6clicks content library and adding a templated internal control set, which you will then map to an authority.

      • Actions:

        1. Use 6clicks Content Library to collect relevant control sets & Authority documents 
        2. Select the relevant Control Set or utilize your own via the import process.
        3. Select details and then add content

      Framework Identification and Scoping

      • Objective: Clearly define the scope of frameworks to be analyzed

      • Actions:

        1. Navigate to the Controls module
        2. Find the Control set or Policy document that you wish to map 
        3. Review the statements held therein and ensure they accurate for a successful mapping

      Controls to Provisions Mapping

      Controls to Provisions Mapping is a crucial process in regulatory compliance and cybersecurity management. It involves aligning internal controls with external provisions from standards or regulations. The primary goal is to create a clear link between implemented controls and external regulatory requirements. The control set should be in edit mode to accomplish the following.

      • Objective: Navigate controls and policies seamlessly, mapping them to authority documents for a comprehensive compliance overview
      • Action Steps:
      1. Navigate to Controls and select the Control set or Policy document of your choosing
      2. Access the Mappings tab (the control set must be in edit mode)
      3. Create a new mapping with Hailey. Currently only cyber security and privacy content is supported.  Select the authority or authorities and click on Map authorities.
      4. Once the mapping has completed, while you are still reviewing the mapping screen, you will see your manually mapped authority represented by links with a percentage similarity mapping to your target authority.  You can choose to link or unlink those provisions as fits your organizational needs. 
      5. On the Controls tab, as you click on each control, you can review the Linked data heading on the right of your screen for each associated authority provision tied to that specific control

      Provisions to Controls Mapping

      The primary objective of provisions to control mapping is to understand the overlap between your internal controls and external compliance requirements in seconds rather than days.

      Objective: Analyze how provisions align with controls and take action to address any identified gaps

      Actions:

      1. Click on the reverse icon to switch from Provisions to Controls mapping

      2. Filter and view by selecting the authority of your choosing

      3. Review the mapping details by clicking the arrow next to the provision to view the control mapping

      4. Identify the gaps quickly and add additional controls if needed. Click the + icon next to controls to manually add additional controls. Link issues and actions to the provision by clicking the + icon next to issues and actions.

      Reporting for Stakeholders

      Reporting Control Set to Authority Mapping provides stakeholders with a comprehensive view of the alignment between internal controls and external provisions, facilitating informed decision-making and ensuring ongoing compliance with industry standards.

      By leveraging Hailey AI and its cross-referencing capabilities, compliance professionals can streamline their efforts, identify overlaps and gaps, generate comprehensive mapping reports, and ensure ongoing compliance with the latest standards and frameworks.

      Prerequisites to be able to produce this report:

      Objective: Generate insightful reports for compliance and audit teams


      Actions:
      1. Navigate to the Analytics module
      2. Select the menu icon and click browse
      3. From browse, search for and select, for example, the "Control Set to Authority Mapping" or "Authority to Control Set Mapping" report
      4. Utilize the filter feature to generate reports

      For more information about 6clicks' use of AI and ML technologies click here.