The compliance view is the main view where you can get a detailed overview of your compliance to any specific framework (this was previously the 'compliance report').
Here you can drill down into the specific requirements of the framework and see what work and what gaps are present for each requirement. For each requirement you will see a coverage score from none to strong, indicating the status of your compliance to that requirement. Below each requirement we will also provide suggested tasks to complete to improve the coverage of the requirement.
Our tasks are best practice suggestions, representative patterns a typical implementation often uses, not a fixed list to check off. The coverage status reflects whether coverage is actually in place and how strong it is, not how many of our suggestions you've ticked off. The judgment of whether Adequate is enough for a given requirement, or whether to harden to Strong, should often relate to your context and available resources.
When the coverage is none, that means that no active tasks support the requirement yet and the suggestions to improve are highlighted. At partial coverage, a few tasks are already active, but there are still some compliance gaps. At adequate coverage, the requirement is well covered, but it can be decided that this level is not yet enough, in which case strengthening to strong coverage to completely address the requirement would be the best option.
The compliance view and workflows
While the compliance view gives you a good overview of everything related to compliance in a framework, it does not give a good perspective on continuous compliance management. This is where the workflows come in. The workflow pages are designed to show you the different important steps in maintaining your compliance in an ongoing fashion, meaning that you compliance work is not complete with just the compliance view; the workflows and compliance view go hand-in-hand. Read more about the workflows.
