
The support site for the Unified Compliance Framework


The Role Description standard

Role descriptions are much like job descriptions; however, GRC roles focus on the activities assigned to the various controls and audit items. This document is the UCF's role description standard, which specifies how to define and document organizational roles.

The Role Description standard is designed to be linked directly to the UCF XML database so that each role can be updated as new, modified, or deleted controls are assigned to the role.

The Role Description

[Figure: Organizational Role description]

The contents of the Role Description are as follows:

1. The Role Title is just as it sounds.

2. The Role ID is the unique and persistent ID for the particular role. Each Role ID is a seven-digit number.

3. The Revision Date reflects the most recent date that the role was updated in any form or fashion, including spelling, description changes, and changes in assigned controls.

4. The Role Description is a short definition of the role summarizing the various assigned controls. This description is used by mappers when making the decision on whether to map the role to a particular control or not. Organizations can use this description field as a short summary of the role.

5. Assigned Controls are the controls that this role has been assigned to. In the current version of the UCF, the assignments are generic. In future versions of the UCF, the assignments might be configured as RACI-type assignments.

Where does the information come from?

The information in the Role Description standard comes from the UCF's XML database. We'll repeat each of the fields here with a descriptor for where the information can be found within the XML specification documents. The Roles XML specification can be found HERE.

| Information | XML Source Field |
| --- | --- |
| The Role Title | UCF_Role_Name |
| The Role ID | UCF_Role_ID |
| The Revision Date | UCF_Role_Date_Modified |
| The Role Description | UCF_Role_Description |
| Assigned Controls | See Building the Assigned Controls list below |

Building the Assigned Controls list

The Assigned Controls list is derived from the join table that connects the UCF Controls List and the UCF Roles List, with a few added calculations for formatting purposes.

To begin with, you'll want to create a new field in whatever table holds your Controls list that is the combination of the Control Title plus a bracketed Control ID. We'll call this element Title_with_ID.

You'll then connect your Roles List to your Controls list through the Controls to Roles Join as shown in the diagram below.

[image]

Then within the Roles list, you'll want to create a new field that creates a bulleted list of all related Title_with_ID elements, such as "List(Controls_To_Roles_Join::Title_with_ID)." That's it really.
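The join described above, as an added example using SQLite from Python (not UCF's own code). Only the UCF_Role_* field names, Title_with_ID and Controls_To_Roles_Join come from this page; the control column names, the view name, the square-bracket format and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Only the UCF_Role_* names, Title_with_ID and Controls_To_Roles_Join come from the
# page. Control columns, the view name and all rows are constructed assumptions.
SCHEMA = """
CREATE TABLE Controls (Control_ID TEXT PRIMARY KEY, Control_Title TEXT NOT NULL);
CREATE TABLE Roles (
    -- Role IDs are seven digits: TEXT keeps leading zeros, CHECK rejects anything else
    UCF_Role_ID TEXT PRIMARY KEY
        CHECK (UCF_Role_ID GLOB '[0-9][0-9][0-9][0-9][0-9][0-9][0-9]'),
    UCF_Role_Name TEXT NOT NULL, UCF_Role_Date_Modified TEXT NOT NULL,
    UCF_Role_Description TEXT NOT NULL);
CREATE TABLE Controls_To_Roles_Join (
    Control_ID TEXT REFERENCES Controls, UCF_Role_ID TEXT REFERENCES Roles,
    PRIMARY KEY (Control_ID, UCF_Role_ID));
-- Title_with_ID: Control Title plus a bracketed Control ID
CREATE VIEW Controls_With_Title AS
    SELECT Control_ID, Control_Title || ' [' || Control_ID || ']' AS Title_with_ID
    FROM Controls;
INSERT INTO Controls VALUES ('00101', 'Review access rights'),
                            ('00102', 'Approve firewall changes');
INSERT INTO Roles VALUES
    ('0000042', 'Security Administrator', '2010-03-01', 'Maintains access controls.'),
    ('0000043', 'Records Clerk', '2010-03-02', 'No controls assigned yet.');
INSERT INTO Controls_To_Roles_Join VALUES ('00102', '0000042'), ('00101', '0000042');
"""

def demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def assigned_controls(conn, role_id):
    """Equivalent of List(Controls_To_Roles_Join::Title_with_ID) for one role."""
    rows = conn.execute(
        "SELECT c.Title_with_ID FROM Controls_To_Roles_Join j "
        "JOIN Controls_With_Title c ON c.Control_ID = j.Control_ID "
        "WHERE j.UCF_Role_ID = ? ORDER BY c.Control_ID", (role_id,)).fetchall()
    return [r[0] for r in rows]

def render_role(conn, role_id):
    role = conn.execute(
        "SELECT UCF_Role_Name, UCF_Role_ID, UCF_Role_Date_Modified, "
        "UCF_Role_Description FROM Roles WHERE UCF_Role_ID = ?", (role_id,)).fetchone()
    if role is None:
        raise KeyError(role_id)
    bullets = "\n".join(f"  * {t}" for t in assigned_controls(conn, role_id))
    return ("Role Title: {}\nRole ID: {}\nRevision Date: {}\nRole Description: {}\n"
            "Assigned Controls:\n{}").format(*role, bullets or "  (none assigned)")
```

Calling `render_role(demo_db(), "0000043")` shows how a role with no join rows is rendered, a case the bulleted list has to handle when controls are deleted or reassigned.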
