In JupiterOne Compliance, you can link related policies and procedures from JupiterOne Policies to Compliance Controls. Policies and procedures document what your organization enforces to meet its level of cyber security compliance. When you link a policy and procedure, JupiterOne creates a link between a security procedure and a compliance control. Policies are very high-level descriptions that provide details on what you should do, and procedures explain how you can implement a control.
JupiterOne uses this data structure to make connections between written policies and compliance standards:
|-- IMPLEMENTS -> security_policy
|-- IMPLEMENTS -> compliance requirement or control
See our Compliance data model guide for additional information on how we structure this data in JupiterOne.
Linking policies and procedures to controls
To establish a link between policies and procedures, you first need to have your policies created. When you are ready to map the policy to a procedure, navigate to the Compliance section of your JupiterOne workspace. From there, map a policy to a procedure as follows:
- Select a compliance framework, for example SOC 2.
- From within the framework, select the control to which you'd like to link a policy.
- If no policy is currently linked to the control, click the pencil icon in the Related policies & procedures section to add a policy. Choose the policy and procedure from within the drop-downs in the menu.
- If a policy is already mapped to the control, it will display within the Related policies & procedures section of the control. Clicking the pencil icon will allow you to edit the linked policy and procedure.
- Press Save after making the desired changes.