Regulations 
In the regulation hierarchy, you document which compliance initiatives your company supports. For each compliance initiative, you can document the regulation and its requirements. After defining a new regulation, you specify the subprocesses and controls that are relevant to that regulation.
The Regulations section allows you to:
Document and review your compliance initiatives in one place
Organize your compliance initiatives into groups
Prerequisites
Complete the following Customizing activities according to your business needs:
Maintain Regulation Role Assignments under
Governance, Risk, and Compliance 
Process Control Authorizations 
Relate Regulation to Plan Usage under
Governance, Risk and Compliance Process Control Multiple Compliance Framework Define Subtypes for Regulation Specific Attributes under
Governance, Risk and Compliance Process Control Multiple Compliance Framework Enable CAPA by Regulation Type under
Governance, Risk, and Compliance Common Component Settings Ad Hoc Issues
Example
You have a group of financial compliance initiatives that could include SOX, J-SOX, and IDS or a group of operational compliance initiatives that include FDA and Life Sciences regulations.
Maintain your regulation hierarchy to the individual requirement level, if desired. For example, you can maintain SOX compliance down to the regulation requirement SOX 302. If you maintain regulation requirements, you can assign them to controls and track the affected requirements at the control level.