Audit & Compliance Manual

Programs

Program structure, scope ownership, framework planning, and the operating boundary for a compliance effort.

Audience: Compliance managers and program owners
Focus: Program structure and scope control
Status: Public manual

Scope

Programs are the organizing layer Meridian uses to keep frameworks, controls, and operating ownership from turning into a disconnected spreadsheet exercise. The public guide keeps the working model and removes private setup and integration detail.

Creating a Program

  1. Navigate to Programs in the sidebar.
  2. Click New Program (requires Meridian.manage permission).
  3. Follow the creation wizard:

Step 1: Program Details

  • Name (required): A descriptive name for the compliance program (e.g., “SOC 2 Type 1 Certification 2026”).
  • Description: Optional context about the program’s purpose.
  • Audit Period Start/End: Optional dates defining the audit window. Leave blank for point-in-time assessments.

Step 2: Select Frameworks

  • Browse available compliance frameworks (system frameworks like SOC 2, plus any custom frameworks).
  • Check the frameworks this program will cover.
  • For each selected framework, choose a target level if the framework has maturity levels (e.g., SOC 2 Type 1 vs Type 2).
  • You can add frameworks later from the program detail page.

Step 3: Scope Organizations

  • Add organizations (by ID) that will be covered by this program.
  • You can skip this step and add organizations later.

Step 4: Review & Create

  • Review your selections and click Create Program.
  • The program starts in draft status.

Program Statuses

Status   | Meaning                   | What You Can Do
Draft    | Program is being set up   | Modify all settings, add/remove frameworks and scope
Active   | Program is operational    | Same as draft, plus controls and evidence apply
In Audit | Under active audit review | Same as active. Return to Active after audit.
Archived | Completed or retired      | Read-only. No modifications possible.

Transitioning Program Status

From the program detail page, use the action buttons in the top-right:

  • Activate: Move from draft to active when the program is configured.
  • Start Audit: Move to in_audit when an audit begins.
  • End Audit: Return to active after audit completion.
  • Archive: Permanently archive the program.

Archiving is irreversible. You will be asked to confirm.

Editing Program Metadata

From the program detail page, click Edit Program in the top-right (visible when you have Meridian.manage and the program is not archived). This opens a modal that edits:

  • Name (required)
  • Description
  • Audit Start and Audit End dates

success/failure via a toast notification. Frameworks and scope are managed from the panels below the page and are not part of this form.

Managing Frameworks

From the program detail page:

  • Click Add next to the Frameworks section header.
  • Select a framework and optional target level from the dialog.
  • To remove a framework, click the trash icon next to it.

Frameworks cannot be modified on archived programs.

Managing Scope

From the program detail page:

  • Enter an organization ID and click Add to include it in scope.
  • Click x on an organization badge to remove it from scope.

Scope cannot be modified on archived programs.

Browsing Frameworks

  1. Navigate to Frameworks in the sidebar.
  2. Browse system frameworks (available to all) and custom frameworks (account-specific).
  3. Click a framework to view its requirements.

Filtering Requirements

On the framework detail page:

  • Category: Filter by requirement category (e.g., “Common Criteria”, “Availability”).
  • Necessity: Filter by obligation level (must/should/may).
  • Level: Filter by maturity level (shows level-specific + level-agnostic requirements).

Requirements are grouped by category with collapsible sections.

Creating Custom Frameworks

Account administrators can create custom frameworks:

  1. Navigate to Frameworks.
  2. Click New Framework (requires Meridian.admin permission).
  3. Provide a key, name, version, and optional description.
  4. After creation, open the framework detail page and click + Requirement to add individual requirements.

The modal binds reference id, title, description, category, necessity (must / should / may), sort order, and optional level. The reference id must be unique within the framework. System frameworks are immutable and do not show the button.