How does GRC: Policy and Compliance Management track compliance to Authority Documents?

Prepare for the ServiceNow Integrated Risk Management (IRM) Test. Utilize flashcards and multiple choice questions, each offering hints and explanations. Ensure your success on the exam!

Multiple Choice

How does GRC: Policy and Compliance Management track compliance to Authority Documents?

Explanation:
Compliance tracking relies on tying the authority references to the tangible control objectives, and using the outcomes of control testing as the basis for compliance status. In Policy and Compliance Management, Authority Documents capture requirements and include Citations that refer to specific controls or standards. Those Citations are linked to the control objectives—the explicit statements of what the controls are designed to achieve. When controls are tested, you get a result of compliant or non-compliant, and that result is associated with the control objective it covers. Because the Citations point to the control objectives, the testing outcomes can be rolled up to show whether the Authority Documents are being satisfied. This structure also provides a clear audit trail: you can trace a non-compliant control back to the exact authority reference that requires it, and then address remediation to restore compliance.

