We have implemented GRC to work with PS HR & Finance for access provisioning, de-provisioning & FireFireter access. The audit team requires that the GRC Ruleset is reviewed semi-annually. Can someone guide me on how the RuleSet needs to be reviewed and updated when new roles are added? How to ensure that the RuleSet meets current industry standards? Also, how to show the audit team that the RuleSet has been reviewed.