Author compliance controls, build validation procedures, and run compliance tests by
using Process Compliance Navigator. IT Compliance shares the Controls Management capability with
Process Compliance Navigator, so your compliance team uses the same authoring experience to
define controls that enforce ISO 27001 and other compliance frameworks across your IT
processes.
Required Editions
Available in: Lightning Experience
Available in: Enterprise, Performance, and Unlimited
Editions with Agentforce IT Service.
User Permissions Needed
To author compliance controls and validation procedures:
Compliance Admin permission set
The Controls Management features that IT Compliance uses live in the Process Compliance
Navigator app. From there, compliance officers create and version compliance controls, group
controls into validation procedures, configure context definitions and expression sets, test
control operating effectiveness, and map controls to the business operations processes and
assets they cover. IT Compliance teams use these same features to govern IT Service records
such as incidents, change requests, and service requests.
Use the topics in the Process Compliance Navigator help to complete each task.
Create and version compliance controls to enforce your regulatory and policy
requirements.
Group compliance controls into a validation procedure so that the procedure runs every
time a business process invokes it. Use validation procedures to enforce compliance checks
on IT Service records, such as making sure that an incident's root cause analysis meets
compliance requirements before closure.
Evaluate the operating effectiveness of your compliance controls and capture verifiable
evidence during the execution of a test. Use compliance test executions to give regulators
and auditors confidence that your controls work as intended.
For controls that don't run automated validations, such as manual reviews or external
processes, log compliance evidence through the Compliance Logging API.
Link a compliance control version to the business operations processes it protects so
that process owners can see which safeguards apply to their workflows.
We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required Cookies
Always Active
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional Cookies
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising Cookies
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.
