https://github.com/joho/test-comply

https://github.com/joho/test-comply

Last synced: 5 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/joho/test-comply
• Owner: joho
• Created: 2019-09-18T05:53:05.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2019-09-20T18:06:00.000Z (over 6 years ago)
• Last Synced: 2025-01-26T02:52:16.996Z (over 1 year ago)
• Size: 80.1 KB
• Stars: 1
• Watchers: 4
• Forks: 0
• Open Issues: 3
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Hecate Test Compliance Program

This repository consolidates all documents related to the Hecate Test Compliance Program.

# Structure

Compliance documents are organized as follows:

```

narratives/     Narratives provide an overview of the organization and the compliance environment.

policies/       Policies govern the behavior of employees and contractors.

procedures/     Procedures prescribe specific steps that are taken in response to key events.

standards/      Standards specify the controls satisfied by the compliance program.

templates/      Templates control the output format of the HTML Dashboard and PDF assets.

```

# Building

Assets are built using [`comply`](https://comply.strongdm.com), which can be installed via `brew install comply` (macOS) or `go get github.com/strongdm/comply`

# Publishing

The `output/` directory contains all generated assets. Links in the HTML dashboard a relative, and all dependencies are included via direct CDN references. The entire `output/` directory therefore may be uploaded to an S3 bucket or other static asset host without further modification.

# Dashboard Status

Procedure tracking is updated whenever `comply sync` is invoked. Invoke a sync prior to `comply build` to include the most current ticket status.

# Procedure Scheduler

Any `procedures/` that include a `cron` schedule will automatically created in your configured ticketing system whenever `comply scheduler` is executed. The scheduler will backfill any overdue tickets.

# Deployment Recommendation

Invoke a script similar to the following at least once per day:

```

#!/bin/bash

#

# prerequisites:

#   git access

#   ticketing configuration in comply.yml

#   upload.sh to publish static site

#

# get latest policies and procedures

git pull

# update ticketing status

comply sync

# trigger creation of scheduled tickets

comply scheduler

# build latest

comply build

# publish static site from output/ directory

upload.sh output/

```