Generating Reports in PrivacyCentral

The reports provide access to key information about a particular law or standard so you can quickly and easily understand how it applies to your organization and how it aligns with the TrustArc Framework. It outlines the key details, including a brief description, why it is applicable, how it is enforced, and its mapping status against the TrustArc Framework. It gives insights into what areas need focus to ensure that the necessary controls to comply with the law or standard have been implemented.

You can generate the following reports for each relevant law or standard:

Summary Report

To generate a Summary Report:

  1. Navigate to the Applicable Laws and Standards section of the Program Overview page.
  2. Click a standard name to open the Insights by Law page.

  3. Scroll to the bottom of the page and click on the Summary Report icon to download the summary report.

The following sections make up the summary report:

  • Name and Description of the Law or Standard

    This section contains basic information about the law or standard. This contains the legal name of the law, a brief description, and information about the development and revision of the law or standard in the platform, including the region the law applies to and its alignment with the TrustArc Framework. Look at the illustration below:

  • Applicability and Enforcement of the Law or Standard

    Applicability is a summary of the many clauses or stipulations where the selected law or standard may apply in terms of organizations, data types, individuals, and the law’s or standard’s scope and jurisdiction.

    Enforcement gives an overview of how the regulatory body ensures compliance with the law, the prescribed penalty of the law or standard, right of action for any privacy rights violation as defined in the law or standard. As an example, consider the image below:


     
  • Mapping Status 

    Provides the current status of the alignment of the specifically identified controls in the law or standard with TrustArc’s Privacy and Data Governance Accountability Framework’s pillars and standards. As an example, refer to the figure below:

Audit Log

You can obtain a summary report of any framework, law, or standard audit logging by selecting the Audit Log (.csv) option from the Download drop-down on the Review page. 

The report shows the documented activities or events within the system used across your organization.

The record shows the org unit, date and time at which it occurred, the responsible user, law, control identifier, the occurrence of an event, and the summary or details of the activity.


 

In-Progress Report

You can download the In-Progress Report for an offline and more convenient view of your Framework, Law, or Standard compliance. Only a reviewer can obtain the report from the Review Page.

  1. On the Review page, click the Download button and select In Progress Report (.pdf).

  2. Select your options to include the assignee names or comments in the In-Progress Report. Click the tick boxes in the popup window. Then, click Generate to download.

The following are some highlights from the in-progress report:

  • Overview of Progress and Effectiveness based on the Framework pillar of Build, Implement, Demonstrate, and Overall

  • Overview based on Controls and their corresponding status definitions


    NOTE: The numbers for every status are clickable and will take you to the Review page.

  • Overview of Tasks by Statuses

    Click on any of the values in the task status. This will take you to the Tasks page, which has been pre-filtered by the pillar and status.
     
  • Detailed overview of the Task for a given Law or Control

NOTE: The AMs will display the details of the selected evidence. All in-progress reports will be reflected in the local timezone of the user who downloaded them.

Final Report

Downloading the Final Report will provide you with an offline and more convenient understanding of how your framework or law compliance has been validated and approved. This also serves as a preview for customers seeking certification. The law should be in an Approved state to be able to download the final report.

NOTE: The report is not available for in-progress reviews. Only a reviewer can obtain the report from the Review page.

Similar to the in-progress report, the following details are included in the final report:

  • Overview of progress and effectiveness score across pillars (Build, Implement, Demonstrate, and Overall)
  • Controls Overview (Not Applicable, Met by Evidence, Partially Met, Task Outstanding, To Be Processed, Ready for Review, Approved, Approved Ex, and Not Answered)
  • Task Overview which shows the tasks mapped by categories (Open, In Progress, Ready for Review, Approved, Deferred, Won’t Do)
  • Task Details group the tasks by control and give more information about them

Export All Questions

You can export all controls and questions for a law or standard as a .csv file from the Program Overview Page or Review Page.

The following details are included in the exported questions: 

  • Org Unit
  • Pillar
  • Control Number
  • Control Description
  • L2 Framework Control
  • Question Number 
  • Dependent Question (in case of follow-on questions)
  • Question Texts
  • Question Assignee
  • Respondent Type
  • Question Response Options
  • Response
  • Answer Description
  • Accountability Mechanisms
     

To export from the Program Overview page:

  1. Click the More (1) option on a framework, law, or standard name
  2. Select Export All Questions (.csv) (2) to export all the controls and questions to a .csv file. 

To export from the Review page, click the Download button and select Export All Questions (.csv).

Compliance Overview Report

The report is accessible to all account users depending on their user permissions. 

To generate a Compliance Overview Report:

  1. Hover over the PrivacyCentral icon (1), and then click Privacy Journey Roadmap (2).

  2. Click the Set Org Unit drop-down to select the reportable units in the organization hierarchy to generate the appropriate report. 

NOTE: The same organization structure will be applied for progress report and effectiveness report.

You can use this report to monitor your compliance progress across multiple data segments. The overview is updated to provide a consolidated view of compliance activities and reporting features.

You can also save the report as an image (.png) and as a .csv file.

NOTE: Any recent custom filters used before downloading are included in the image and .csv file. If more than one organization unit is selected for comparison, the file downloaded will include all of the selected organization units as well as the entire comparison chart.

Controls Summary Report

A report of attestors can be generated for all organization units aggregated by their respective aggregation units.

  1. From the Program Overview, select Attestations (1).
  2. Click the Download (2) drop-down and select the Attestor Controls Summary Report (3) to download in either .pdf or .xlsx file.



    The report consists of the following parts:
  • Cover Page

  • Table of Contents

  • Scope
    This section contains a table for the scope that shows the percentage of total controls that have been tested as well as the percentage of the overall responses. Controls are differentiated by mandatory or optional based on the customer’s selection at the time of Attestor creation. For the PMAs identified as Mandatory or Optional, the number of tested controls are identified as Core  vs. Optional.

  • Controls Summary
    The controls summary displays a list of all controls organized by status. A brief depiction of the individual attestor in relation to the percentage of the responses determined to be ‘Applicable’ or ‘Implemented’, shown as percentages.

For the CE Scoring Model and Maturity Scoring Model, two charts are added to show the applicable controls percentage and implemented controls percentage. 

CE Scoring Model
Applicable:

  • Tested Controls - percent (%) of all Yes and No responses out of Total Controls
  • Core Controls - percent (%) of core controls responded as Yes or No out of Tested controls
  • Elective Controls - percent (%) of elective controls responded as Yes or No out of Tested controls

Implemented:

  • Tested Controls  - percent (%) of all Yes responses
  • Core Controls - percent (%) of core controls responded as Yes
  • Elective Controls - percent (%) of elective controls responded as Yes

Maturity Scoring Model
Applicable:

  • Tested Controls - percent (%) of controls responded as Non-existent / Ad Hoc/Repeatable/Defined / Managed / Optimized out of Total controls applicable, excl. ones marked N/A
  • Core Controls - percent (%) of core controls responded as Non-existent / Ad Hoc / Repeatable / Defined / Managed / Optimized out of Tested controls 
  • Elective Controls - percent (%) of elective controls responded as Non-existent / Ad Hoc / Repeatable / Defined / Managed / Optimized out of Tested controls 

Implemented:

  • Tested Controls  - % of controls responded for each of Ad Hoc / Repeatable / Defined / Managed / Optimized, out of Total controls applicable. This does not include controls marked as N/A and Non-existent.
  • Core Controls - % of core controls responded as Ad Hoc / Repeatable / Defined / Managed / Optimized out of Tested controls
  • Elective Controls - % of elective controls responded as Ad Hoc / Repeatable / Defined / Managed / Optimized out of Tested controls

  • Compliance Progress Overview
    This section displays a summary of control progress across all individual org units compared to the AU selected. It can be generated in a CSV report and gives a picture of all PMAs included in an AU/RU by progress percentage.

  • Controls Overview
    This section in the report shows the total number of controls along with the count for each applicable control status