We want to perform a third party audit of our vendor using a custom compliance package. However, we would need to change the category of our Vendor to “regulator” which does not make sense since they are not our regulator. They are our Vendor and we want to audit them to ensure they are compliant.
Question- Why only regulators are allowed as a selection in compliance package creation?
I agree with @ksaxena.
It would be great if for compliance packages you could import these against a regulator which I think is correct. However When in Compliance Management you should select the compliance packages you want to benchmark your own company against.
When in Third Party Audits when you select Add New should then give you the options to select the compliance package and the third party you want to benchmark against that compliance package.
Sometimes you may want to benchmark a supplier against a different type of compliance package than what you benchmark yourself against.
we are going to migrate third party / regulator types to compliance packages … so when you want to create a compliance package all is done there.
we are also preparing the system to accept what will become our public library of controls ,policies, etc … we will also support mapping in between compliance packages.
this will require multiple releases … https://github.com/eramba/eramba_v2/issues/2119 the first one will be in May.