This page contains information to assist our customers with utilizing the Catalog module in RegScale. It describes what the module is, why you would use it, and its benefits, and it provides instructions on getting started.
A catalog is a law, regulation, or other governing document that represents a collection of controls. Catalogs are typically used to govern security and privacy programs (NOTE: they may also be used for other programs such as environment, safety, physical security, etc.). Examples include NIST 800-53, HIPAA, PCI, and GDPR.
Catalogs are used by the builders to generate Security Plans, Components, Projects, Policies, and Supply Chain contracts (which typically consist of many security controls that impact specific asset(s) or system(s)). Reasons to implement catalogs include:
- Flowing down requirements/controls from laws, regulations, or other governing documents
- Consistently generating artifacts for System Security Plans, Components, etc.
A catalog provides multiple benefits for an organization, including:
- Improving quality by using a single source of truth for requirements/controls
- Reducing manual labor to handle changes to regulations
- Reducing the time needed to create artifacts by powering the RegScale builder systems
The catalog module in RegScale Community Edition (CE) provides a number of key features that are useful in managing a robust program, including:
- Tracking changes to the catalog over time and flowing down changes to related artifacts
- Real-time tracking and dashboards
- Automation via our Application Programming Interfaces (APIs)
- Single pane of glass assignment tracking via our work bench
- Automated workflows for review and approval
- Social collaboration via our News Feed (LinkedIn for Compliance) and real-time commenting system
- Audit history including every view, update, print, email, etc.