Regulatory Agencies Inventory and Attributes

About This Inventory

The Regulatory Agencies Inventory governs every body — governmental, quasi-governmental, supranational, self-regulatory, or standards-setting — whose requirements create formal compliance obligations for the enterprise. Each Noun Instance is a single, uniquely identified Regulatory Agency with its own Semantic ID, its own type classification, its own geographic scope, its own compliance priority, and its own Enterprise Compliance Owner. The inventory applies across all jurisdictions where the enterprise operates, at every level of the geographic hierarchy from global standards bodies through national regulators through state and local authorities.

Document Organization

This document is organized into attribute categories, each forming its own subsection. Each subsection contains one part with an attribute table. The attribute table has three columns: Attribute Name, Maturity, and Description and Notes. The Attribute Name column uses bold black text in Title Case — multi-value attributes append [Multi-Value] below the name. The Maturity column contains one of three values: Crawl (minimum viable attributes without which the inventory cannot function as a governance instrument), Walk (attributes that add the rigor needed for assessment, rationalization, and compliance management), or Run (attributes that enable advanced analytics, AI-assisted portfolio intelligence, and cross-inventory derivation). No attribute in this document is mandatory.

General Governance Principles

For the general inventory governance principles that apply to this inventory — including semantic identifier conventions, data quality standards, owner accountability, lifecycle management, AI-assisted population, and the connection to the Enterprise Model — refer to the IF4IT Enterprise Inventory Management Best Practices document.

Customization

Every attribute in this document is a recommendation — not a mandate. Enterprises are explicitly encouraged to add attributes specific to their regulatory context, rename attributes to match existing vocabulary, adjust valid value sets to match organizational standards, and sequence Crawl/Walk/Run adoption differently based on their priorities. Three things are discouraged: removing foundational Crawl attributes entirely, since compliance governance consistently fails without them; ignoring the Source designation for Calculated and Derived attributes; and abandoning the Semantic Identifier convention, since it is the connective tissue that makes cross-inventory traversal possible in the Enterprise Model.

Tooling Guidance

At Crawl maturity, a well-structured shared spreadsheet is a completely acceptable starting point for the Regulatory Agencies Inventory. At Walk maturity, a GRC (Governance, Risk, and Compliance) platform, a dedicated compliance management system, or a lightweight database provides the querying, alerting, and reporting capabilities that spreadsheets cannot scale to. At Run maturity, a GRC platform integrated with regulatory intelligence feeds and the Enterprise Model supports automated regulatory change monitoring, cross-inventory relationship derivation, and AI-assisted compliance portfolio analysis. Governance discipline and data quality matter far more than tooling sophistication.

The Enterprise Model

This inventory is a component of the Enterprise Model: every Regulatory Agency record, and every attribute of every record, contributes to the enterprise intelligence platform that connects every IT Management discipline through the typed relationships of the Enterprise Ontology. The Regulatory Agencies Inventory is the compliance governance root of the Enterprise Model — the layer from which regulatory authority connects to the data types, integrations, applications, and systems that must comply with it.

Suggested Baseline

The content of this document — including all attribute categories, attribute definitions, maturity designations, governance guidance, and structural recommendations — represents the IF4IT’s current best thinking for building and governing a Regulatory Agencies Inventory. Everything presented here is a suggested baseline, not a mandate. No attribute is required. No category is mandatory. No structural pattern is enforced. Enterprises are explicitly encouraged to adapt, extend, and reshape everything in this document to match their specific context, vocabulary, regulatory environment, industry, and organizational maturity. The IF4IT does not guarantee that the attributes and guidance presented here are complete, exhaustive, or applicable to every enterprise in every context. Practitioners are the experts in their own organizations — use this document as a starting point, not a ceiling.