The policies in our Library have been carefully crafted so each article / requirement maps back to one or more HITRUST, SOC2 and HIPAA principles. This is designed to save you time and bring clarity to your compliance efforts. In order to see links to relevant controls, you must first activate your required frameworks / regulations in Settings: Frameworks/Regulations. Also, be sure to follow the instructions there to mark as Not Applicable any controls that do not apply to your compliance objectives.

Once your frameworks are activated, relevant articles will show their pre-mapped controls under the controls tab.

You will find that each article in the policy is relatively short and to the point. You may need to tweak policy language in order to satisfy your business objectives. In some cases, you may need to completely remove an article if it doesn't apply to your organization.

For articles / requirements that are appropriate to your business requirements, we would advise dedicating most of your efforts toward writing a complementary procedure. Procedures should contain very detailed information. Think of procedures as a very detailed operator's guide to performing tasks within the organization. Think: Who, Where, When, How, Why.
