Creating a compliance map

Centralize the documentation of requirements and their mapped controls, and automatically aggregate testing results and issues to easily assess compliance requirements coverage and report on compliance status in real-time.

Workflow

The following steps outline how to create and manage your organization’s compliance mappings:

  1. Framework setup Establish a compliance framework with controls tailored to your organization’s regulatory and operational needs.

    1. Integrate Framework with Projects Import controls into individual projects to standardize compliance practices across teams. Ensure controls are consistently available for linking and implementation.

    2. Validate Framework setup Evaluate the design and effectiveness of your controls.

      • Log procedures and walkthrough results.

      • Test control functionality.

      • Identify and document gaps or weaknesses to address compliance risks.

  2. Add standards or regulations Import industry standards or regulations from the Compliance Library or create custom entries to meet specific needs.

  3. View requirements Create or update requirements and their associated details to manage applicability and track coverage across your organization.

  4. Work with linked requirements Link controls to relevant business requirements to demonstrate compliance coverage and simplify audit processes.

  5. Track compliance progress Track the status of each requirement to identify gaps, measure progress, and ensure continuous alignment with compliance goals.

  6. Generate a summary report Export reports in the Excel format to share compliance status with auditors, stakeholders, and leadership.

Note

While working in Compliance Maps, you may notice that some imported standards and regulations are locked. A lock icon indicates that these actions are read-only.

This is because when standards and regulations are sourced, providers sometimes specify that customers cannot modify the content of the templates they provide. As a result, modifications are not allowed, including editing any part of the standards, regulations, or associated requirements; adding subrequirements; or deleting requirements.

Add standards or regulations

Add a standard or regulation to your compliance map manually, or import available standards and regulations from the Compliance Library. To view standards and regulations in the Compliance Library, see Importing standards and regulations, section Manage Diligent-provided standards or regulations .

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Compliance Maps app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Compliance Maps app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Complete any of the following tasks:
    TaskSteps
    Import available standards or regulations
    1. Select Import standard or regulation.

      The Compliance Library opens.

    2. Search for and choose the standards or regulations you want to import.

      Some standards and regulations are only available in read-only format. For more information, see Importing standards and regulations.

      Note

      Certain standards and regulations are only available by subscribing to Diligent Content Suites. For more information, see Content & Intelligence Gallery.

    3. Select Import.
    4. After the import is complete, select the Open button for the newly imported standard or regulation.

      Result – You will be taken to the Compliance Maps home page with the side panel open for the newly imported standard or regulation, and the standard or regulation expanded in the list view to show its top-level requirements.

    5. Skip the steps under Add requirements and proceed to Specify if requirements are applicable and covered.
    Accessing additional standards and regulationsSome standards and regulations display a Contact for access label. Contact your Customer Success Manager to learn how to access these standards and regulations.
    Manually add a standard or regulation
    1. Select Create new.

      The Add standard and regulation side panel opens.

    2. Enter the following information:
      • Title Name the standard or regulation.

        The character limit is 255. The name must be unique.

      • Description (optional) Provide a description of the standard or regulation.
        Note

        Rich text fields cannot exceed 524,288 characters.

    3. Do one of the following: 
      • To add the standard or regulation and close the panel, click Save and Close.

        The standard or regulation is added to the compliance map.

      • To add a requirement to the standard or regulation, click Save and add requirement, and proceed to step 3 of Add requirements.

View and Manage standards or regulations

The Regulation page provides a comprehensive view of a regulation. It enables you to search for specific requirements within the regulation and view the statuses of these requirements along with their associated controls.

To view a regulation, follow these steps from the Compliance Maps home page:

View Steps
High-level details

To view details such as title, description, and source of a regulation, select Show details from the More menu in the Actions column.
Detailed view

  1. Select the standard or regulation name.

  2. On the regulation page, do the following:

  1. Review the list of requirements, their relationships such as number of linked controls and requirements, and their status.

  2. Search for specific requirements within a regulation by entering ID, title, or description.

  3. View requirements descriptions within the overall context of the regulation.

  4. Create subrequirements for a standard or regulation by selecting +Add new sub-requirement.
    When you add subrequirements, they are added to the same hierarchy as the top-level view of a regulation. This ensures the subrequirement is contextualized within the full scope of the regulation and added directly at the requirement level.

  5. Switch between regulations by selecting the switch icon , then choosing the standard or regulation from the list.

  6. Navigate to the requirements details page from the regulations page by selecting the Details button next to a requirement.

View requirements

You can view the requirements from the regulation page. To navigate to the Requirement details page, open a regulation and then select Details.

Add requirements

Add requirements to populate your compliance map.

  1. From the regulation page, select Details next to a requirement or from the Compliance Maps home page, select a requirement.

  2. In the requirement details page, select + Add new sub-requirement from the More menu.

  3. Enter the following information:
    • ID Enter the identifier of the requirement.
    • Title (Optional) Name the requirement.

      If you do not enter a title, the first 255 characters of the requirement description displays as the title in the tree view, and is stripped of any HTML or rich text formatting.

    • Description Provide a description of the requirement.
      Note

      Rich text fields cannot exceed 524,288 characters.

  4. Do one of the following:

    • Save and add another Select this option to save the requirement and add another requirement at the same hierarchical level in the tree view.

    • Save and Close Select this option to save the requirement and close the Add new sub-requirement side panel.

      The new requirement is highlighted in the tree view and ordered based on ID. In the case that two requirements have the same ID, a secondary ordering method is automatically applied based on the date the requirement was created.

      Note

      • All requirements are ordered automatically. You cannot configure the order of requirements.

      • The number of requirements added to a standard or regulation appears beside the name of that standard or regulation in the list.

Specify if requirements are applicable and covered

Apply professional judgment to determine and rationalize optimal coverage that is sufficient for the organization.

  1. From the Compliance Maps home page, select the title of the requirement.

    The Requirement details page opens.

  2. In the Status section, from the dropdown list, select one of the following:

    • Not Applicable: Select this option only if the requirement is not applicable for your organization.

    • Applicable - Not Covered: Select this option if the requirement is applicable but not yet covered.

    • Applicable - Covered: Select this option if the requirement is applicable and already covered for your organization.

    Note

    By default, all parent requirements are applicable and not covered. When you create a new sub-requirement, the sub-requirement inherits the Applicable and Covered values from the parent requirement.

  3. (Optional) Select Write rationale to explain why a requirement is marked as applicable, not applicable, covered, or not covered.
    Tip

    You can also copy rationale statements from related requirements. For more information, see View requirements.

Work with linked requirements

If you have imported standards or regulations from the Compliance Library, you can view related requirements or add rationale statements from related requirements.

Diligent collates related requirements based on industry-approved mappings. The maximum number of related requirements you can view is 300. For more information, see Relationships between controls and requirements.

  1. From the Compliance Maps home page, select the title of the requirement.
  2. On the requirement details page, expand the Linked Requirements section and filter by standards and regulations.
    This shows a list of related requirements along with their statuses. You can check the regulations related to the new requirement.
  3. Select a linked requirement.
    A side panel opens displaying the requirement details. The Rationale section displays rationales from related requirements.
  4. Select Add to include the rationale.
    The new rationale appears in the Rationale section in the requirement details page. 

    If the requirement you are working on already has a rationale statement, the new rationale is appended to the bottom of the existing rationale.

    Tip

    To make further modifications to the rational statement, use Edit rationale option.

  5. Import standards or regulations that contain related requirements If there are related requirements that are not imported to your compliance map, do the following:

    1. In the requirements details page, next to Linked Requirements section, select Import Relevant Regulations.

    2. Select the title of an authoritative document to start the import process.

      This takes you to the Compliance library.

Link controls to requirements

Showcase your organization's adherence to specifications relevant to the business by linking controls to requirements. Linked requirements also appear in Control X-Ray and help auditors familiarize themselves with a control based on these requirements.

You can link controls to requirements, either by following automatic suggestions or by manually browsing controls.

Note

The maximum number of controls you can link to a single requirement is 300.

Use the Diligent One Platform AI Suggestion Service to receive recommendations for relevant controls from the available control set based on specific requirements. You can choose to follow these AI-driven recommendations or manually browse and select suitable controls.

To link controls to requirements, follow these steps:

  1. From the Compliance Maps home page, select the title of the requirement.
  2. In the requirement details page, select Link controls.
    The Link Controls panel opens.
    Note

    If you do not see Link controls, it means that you are viewing an ancestor or descendant of a requirement that cannot be mapped. You must remove existing mappings in the group before you can map additional controls. For more information, see Relationships between controls and requirements.

  3. In the Link Control panel, you can do the following:

      1. Search for a control by entering a keyword in the search box.

        You can search for controls by Objective title, Control ID, Control title, or Control description. Search terms are highlighted in the results.

      2. Select Filter to filter controls by frameworks or objectives.

        The search works in combination with any applied filters. If you select a framework or objective filter, and you search for a control, you are only searching within the specified framework or objective.

        • Select the side arrow to expand a framework and view a list of objectives. Select the side arrow next to the objective to view a list of controls.
        • If applicable, select View more to show all frameworks in the Diligent One instance.

      3. Click AI Suggestions to find the most relevant controls for each requirement. This feature leverages AI integration to deliver improved suggestions, ensuring better matches. It identifies suitable controls by comparing the descriptions of requirements and controls. Scroll down and select Load More to view additional suggestions.

  4. Select Link beside each control you want to link to the requirement.

View and manage linked requirements

The Linked Control section of the Requirement details page displays the list of linked controls. When you select a linked control, you can perform actions as described in the following table:

Action Steps
View the linked requirements in detail

The following information is displayed in a detailed view as a side panel:

  • Control ID The control identification code.
  • Owner The person responsible for the control.
  • Control title The title of the control.
  • Description Detailed information about the control.
  • Framework The framework where the control is coming from.
  • Testing results Control tests that have passed, failed, and controls that have not yet been tested.
  • Issues An aggregate number of open issues across all project controls linked to the framework control.

    Selecting the issue count link provides a pop-up list of issues. You can select an individual issue to navigate to detailed information.

    Note

    The aggregate issue count is based on all open published issues from active projects that are associated with walkthroughs, test plans, and testing rounds.

Compare Control and Requirement description

When control data is open in the side panel, you can compare the control description with the requirement description by scrolling through both columns side by side. This is essential for initiating compliance work and ensures a clearer understanding of legal requirements.
Update Control weight

To indicate the percentage of the requirement that the control covers, adjust the Control weight.

You can indicate a value between 0 and 100%. The default coverage is 100%.
Navigate to framework

Frameworks

application
  • To navigate to the control in the framework, select the ID link.
  • To navigate to the framework, select the framework link.
Add or remove controls
  • To remove the control association from the requirement, select Unlink.
  • To link additional controls to the requirement, select + Link control.
  • To view a list of controls that have been linked to a single ancestor requirement, or all descendant requirements, and the aggregate number of issues for each control, view the Related controls section.
    • Selecting the control ID link redirects you to the Control page in the applicable framework.
    • Selecting the issue count link provides a pop-up list of issues.

      You can select an individual issue to navigate to detailed information.

 

Generate controls for requirements

If you're unable to find relevant controls for requirements through manual browse or AI suggestions, often due to new or evolving regulatory demands, use control generation in Compliance Maps. This feature quickly generates appropriate controls for you.

For instance, when General Data Protection Regulation (GDPR) was introduced, many organizations lacked internal policies and controls for managing personal data. Control generation supports you in similar scenarios where no clear precedents exist.

Control generation provides key elements of a control, such as a title and description, serving as high-level guidance to help utilize the controls effectively. This feature bridges gaps in the requirements, removing the need to build new controls from the ground up. It simplifies the workflow and saves time, especially in the initial stages of setup.

To generate controls:

  1. Select Generate controls with AI.
    The system automatically generates a list of controls.

  2. Browse the controls list and select a control you want to use.

  3. Review the control, copy its title and description, and paste them into your control library.
    If needed, you can modify the control title or description directly within your control library.

Track compliance progress

You can filter the list of requirements to track your compliance progress.

To track compliance progress, go to the Compliance Maps page and complete any of the following tasks:

TaskSelect option or perform actionWhat you see
View all applicable requirements across all regulations and standards.

Applicable

A list of all applicable requirements, whether or not they have been marked as covered.
View requirements that have not been identified as covered.Not covered (Gaps)

A list of applicable requirements that are have not been identified as covered.

View requirements that have been identified as covered.CoveredA list of applicable requirements that have been identified as covered.
View requirements that have been specified as not applicable.Not Applicable

A list of all non-applicable requirements.

Search for requirements.Enter a keyword or phrase in the search box.A list of requirements that match your search term or phrase.

View summary information about a standard, regulation, or requirement, including:

  • the extent to which it is covered or not covered.
  • whether or not it has been identified as covered.
  • whether or not it has been associated with at least one control.
  • the aggregate number of open issues associated with it.
  • the current assurance calculation for a standard, regulation, or requirement.
Consult the Coverage, Covered, Issues, Controls and Assurance columns in the nested tree view.
  • Coverage The percentage of requirements for a standard or regulation that have been identified as covered. Learn how coverage is calculated.
  • Covered An indication ( or ) of whether or not a requirement is covered (based on your identification of the requirement as Covered or Not Covered. Standards and regulations are considered covered when all of their requirements have been identified as covered.
  • Issues An aggregate issue count associated with each standard or regulation, and with the topmost (root) requirements in the tree. Selecting the issue count link provides a popup list of issues. You can select an individual issue to navigate to detailed information.
  • Controls An icon () indicates requirements that have had at least one control linked to them.
  • Assurance A calculation that represents your organization's confidence in requirements being met. Learn how compliance assurance is calculated.

Generate a summary report

Demonstrate your organization's compliance progress by generating a summary report.

  1. Select Compliance Summary Report.
  2. Download the Excel report (.xlsx) to your computer.

    Any applied filters that you apply on the Compliance Maps page are reflected in the report. Each standard/regulation is displayed on a separate worksheet.

    Tip

    Manually created requirements that are indexed alphanumerically in your compliance map may be ordered differently in your Excel report. To achieve the same ordering, you can use the following naming strategy for your requirements:

    • Parent requirement alphabetical ID

      Example A1

    • Sub-requirements alphabetical ID + numerical ID

      Examples A1-01, A1-02, A1-03