Each customization and each translation can magnify the amount of work.
For example, any parent control or larger framework may need updating.
Juggling the number of changes can be frustrating to manage.
Each change to your existing compliance framework will pose a challenge.
That means that instead of just updating the controls within the new framework, you now need to update your internal inventory of controls that reference the new changes.
For example, if you are updating controls form PCI 3.0 to PCI 3.1 that would be a somewhat straightforward update.
Although updating frameworks poses a risk to every audit, compliance professionals should be proactive. Challenge # 2 – Updating the controls If you store your controls in a central repository, you will be able to update the controls faster.
Hunting down all the files across many locations will pose a bigger challenge.
If you can, use a tool that will evaluate each change and trace it through to your test plans, audit dependencies, and update the underlying data.