Question - Update a Compliance Package

So let's say PCI comes out with an updated version and you need to update your Compliance Package library: how do you go about that using eramba?

Unfortunately, for now (until the new template is done) this is done manually. My approach is the following:

1- Review the number of changes in the standard; there is typically a changelog that describes what changed item by item.

If the changes are huge, I create a new third party and upload the new version with a CSV and link all controls, policies etc. again using mass edits.

If the changes are not huge, I “Duplicate” the existing compliance package (this makes sort of a backup) and edit the changes one by one (typically adding, removing or editing existing items) using Compliance Management / Compliance Packages.

The import functionality on the Compliance Packages is very old and has only now been updated on the new template. We could work on that import functionality a little bit more to try identifying differences and suggest to you what is missing or not … in fact it makes a ton of sense.

I just githubed that so we keep it for a second release after the new template is out: https://github.com/eramba/eramba_v2/issues/1455


Thanks for posting the question.

  1. It would be great if we can get an automatic “diff” version of the “CSV” files we upload through the import functionality. Then based on the upload, eramba gives us a way to keep the change or restore the original.

  2. The ability to retain or restore a version of every requirements update is also a great tool to have, since sometimes one has to present/submit evidence for a previous version of the requirements.

Yep - this was githubed, once we finish the new template
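
The item-by-item review and the CSV "diff" discussed in this thread, sketched as an added example (not eramba's code and not written by any poster): it compares two versions of a package CSV by item id and reports what was added, removed or edited. The column names (`item_id`, `name`, `description`), the helper names and the sample rows are constructed assumptions, not eramba's import layout.

```python
import csv
import io

# Constructed sample rows. Column names are assumptions, not eramba's CSV layout.
OLD_CSV = """item_id,name,description
REQ-1,Access control,Limit access to need to know
REQ-2,Logging,Keep audit logs for 90 days
REQ-3,Legacy crypto,Allow the legacy cipher suite
REQ-4,Patching,Patch critical flaws within 30 days
"""
NEW_CSV = """item_id,name,description
REQ-1,Access control,Limit access to need to know
REQ-2,Logging,Keep audit logs for 12 months
REQ-4,Patching,Patch critical flaws within 30 days
REQ-5,MFA,Require multi-factor authentication for admins
"""

def load_items(text, key="item_id"):
    """Index CSV rows by item id, trimming whitespace; reject duplicate ids."""
    items = {}
    for row in csv.DictReader(io.StringIO(text)):
        row = {k: (v or "").strip() for k, v in row.items()}
        if row[key] in items:
            raise ValueError(f"duplicate item id: {row[key]}")
        items[row[key]] = row
    return items

def diff_packages(old_text, new_text, key="item_id"):
    """Classify items as added, removed or changed between two versions."""
    old, new = load_items(old_text, key), load_items(new_text, key)
    changed = {}
    for item_id in sorted(old.keys() & new.keys()):
        fields = sorted(f for f in new[item_id]
                        if old[item_id].get(f) != new[item_id][f])
        if fields:
            changed[item_id] = fields  # which columns differ for this item
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "changed": changed}

def change_ratio(diff, old_count):
    """Share of the old package touched; helps judge 'huge' vs 'not huge'."""
    touched = len(diff["added"]) + len(diff["removed"]) + len(diff["changed"])
    return touched / old_count if old_count else 1.0

if __name__ == "__main__":
    result = diff_packages(OLD_CSV, NEW_CSV)
    ratio = change_ratio(result, len(load_items(OLD_CSV)))
    print(result, f"{ratio:.0%} of existing items touched")
```

Keeping each uploaded CSV version alongside its diff output also gives a record of what a requirement said at the time evidence was collected.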