The goal of this recipe is to provide advice on documentation and reports. Many see documentation as a waste of time; for the compliance project, however, it is one of the key factors for success.
There are different kinds of documents you have to create. The following list provides an overview of the most important ones:
Policies
Training documents
Testing and/or auditing documents
Policies must be available for the different hierarchical levels within your company, with a different focus at each level. Examples of these levels and their intent or target are as follows:
An overall policy provided by senior management to define the company's compliance culture
A policy that details the control, how it is implemented, the business process this control is used in, the regulatory requirements met by this control, and similar...