Compliance Tools

Compliance Exchange

The Compliance Exchange is a group of functional level compliance officers, subject matter experts (SMEs), and policy owners set up to coordinate and communicate through the exchange of information.

The Compliance Exchange allows sharing of:

  • common compliance issues and ideas;
  • news and current events;
  • resources and tools;
  • activities and initiatives; and
  • professional development and training opportunities.

Anyone with compliance responsibility at any Indiana University campus may participate in the Compliance Exchange.  

If you are a compliance professional at IU and would like to be a part of the Compliance Exchange, please contact us at compliance@iu.edu.

top

Compliance Obligations

Obligations and requirements to which the university must comply:

External obligations:

  • Ongoing rules and regulations, accreditations, laws, and contractual obligations

Internal Policies:

top

Training and Agreement Tracking (E Training)

One of the keys for achieving compliance in any area is the provision of initial and recurring employee awareness and training about the compliance requirements. E Training is an enterprise tool that houses employee compliance training content and agreements that employees are required to assent to, and to track employee completion of training. 

Compliance staff throughout the university use the tool to write new or import already developed content. The system tracks completion of the training and provides the compliance staff with data to manage full compliance with the training requirements. The system may be set to require the training at certain recurring intervals, such as annually. 

For additional information, please email us at etraining@iu.edu or click here:  http://protect.iu.edu/tools/etraining.

top

Governance, Risk, and Compliance (E GRC)

A Governance, Risk, and Compliance (GRC) tool is an enterprise system used for the integration and alignment of those three areas necessary to avoid conflicts, wasteful overlaps and gaps. Through coordination, communication, and workflow processes, IU’s Enterprise Governance, Risk and Compliance (E GRC) tool assists with:

  • collecting information about regulatory, legal, and institutional policies and standards safeguard obligations;
  •  orchestrating compliance activity, assessing risk and compliance adherence, and identifying control weaknesses; and
  •  providing feedback to units and administration, typically through a "dashboard," such that they can prioritize risk and align resources in a more effective manner.

As a means to achieving the aforementioned benefits, the E GRC is built upon a solid foundation that includes: compliance management, risk management, process governance, incident management, privacy, and vulnerability management. Powerful enterprise statistics and analyses can be completed and provided to university executive administration and other appropriate areas such as compliance officers, legal counsel, and internal audit. This will enhance university-wide compliance planning and enable offices to more effectively identify where to focus awareness, education, and resources.

For more information about the EGRC, contact us at egrc@iu.edu.

top

Resources

 

Unified Compliance Framework (UCF)

The Unified Compliance Framework (UCF) is a complex database with multiple elements. These elements reflect over 400 authority documents and are beneficial as stand-alone references, or as intertwining templates that address requirements through the linking of sources to harmonized controls. For example, the information is beneficial as a framework in a Governance, Risk, & Compliance (GRC) program.

To access the Unified Compliance Framework, visit:  https://protect.iu.edu/tools/ucf.

Indiana Security & Privacy Network (InSPN)

An Indianapolis-based volunteer, not-for-profit organization designed for organizations, individuals and other parties who are interested in security, privacy and data exchange best practices. The objective of the group is to support collaboration and the sharing of information and knowledge of these best practices and regulatory compliance issues that affect all Indiana industries. For more information, click here:  http://www.inspn.org/.

Indiana University sponsors an institutional membership which pays for registration fees for five employees to attend programs.

OCEG

OCEG is a nonprofit organization that assists organizations drive principled performance and integration of governance, risk management, and compliance processes through the guidance of standards, community practice, and evaluation criteria while acting with integrity.

Indiana University is a premium member, with access to multiple resources including the Burgundy Book:  GRC Assessment Tools and the Red Book:  GRC Capability Model.

Society of Corporate Compliance & Ethics (SCCE)

A nonprofit organization dedicated to improving the quality of corporate governance, compliance and ethics through the facilitation and maintenance of compliance programs, professional forums for understanding the compliance environment, and providing resources.

Subject Matter Experts

A list of IU compliance professionals or “subject matter experts” (SMEs) is maintained. For more information, feel free to contact us at compliance@iu.edu.

top

Compliance Awareness Poster

Compliance awareness posterDownload a compliance awareness poster.

top