Compliance is a measure of how many of the Controls that a Supplier has implemented align with the requirements that you have applied over that Supplier, within your applicable Policies.

It is calculated by looking at the applicable requirements in your Policies and comparing them against a Supplier's assessment.

For Compliant controls that you don't think should be compliant (due to the Supplier having not supplied enough information, or evidence), you can apply non-compliance. To find out how to apply non-compliance, click here.

For non-compliant controls you can request that a Supplier remediate the control. To find out how to launch a remediation action, click here

For non-compliant controls you can also apply an exemption. An exemption makes a non-compliant control compliant. You may want to do this if a Supplier falls under the requirement of a Policy, and when reviewed you no longer think that this requirement is relevant to the Supplier.

To find out how to apply an exemption, click here.

Did this answer your question?