Compliance Administrators (and only Compliance Administrators) have the ability to create and manage Compliance Policies (see What is a Compliance Policy? for an overview of Compliance Policies).
This section covers:
- The lifecycle of a Compliance Policy
- Viewing the current Active Policy
- Adding a new Compliance Rule
- Previewing the impact of a Compliance Policy change
- Activating a Compliance Policy
Lifecycle of a Compliance Policy
As described in What is a Compliance Policy?, a Compliance Policy is all of the Compliance Rules you have defined across all Compliance Types. For this reason, there is only ever one single, global Compliance Policy that is in effect or “Active” at any given time. That Active Policy is the total of the compliance requirements you want in force right now.
As with anything, rules and requirements come and go or require tweaking. Compliance Administrators need to be able to handle those changes smoothly and efficiently. The Compliance Policy allows a Compliance Administrator to effect those changes.
The first step in introducing a new Compliance Rule is to add it to the “Draft Policy” (shown shortly) The Draft Policy starts out as an identical copy of the Active Policy and you can start making changes from there. These changes include:
- Adding new Compliance Rules
- Deleting existing Compliance Rules
- Tweaking an existing Compliance Rule
Why make changes to a Draft Policy rather than directly to the Active Policy? The main reason is that by making changes to the Draft Policy first you can preview the impact of those rule changes before putting them into effect. This gives you the opportunity, for example, to introduce a new requirement without immediately flagging all affected assets as “in violation” because of course this is a new requirement and none of them have the required certification.
For this reason there is only one Draft Policy at any time. Once you are satisfied with your changes to the Draft Policy, you can “Activate” that Policy, thus making it the new Active Policy.
The previous Active Policy is replaced but is still available as for historical reference so you have a complete audit trail of what Policies and Rules were in effect when. You will also be able to see when they were changed and by whom.
Once a new Active Policy is created, a new Draft Policy is generated as an identical copy of the newly published Active Policy and the cycle begins again.
This lifecycle is described in detail in the following sections.