Evaluating controls and requirements
Roles and permissions
The following roles can evaluate controls and requirements:
Administrators
Compliance managers who are managers of the evaluation
Users who are managers of the evaluation
You’ll do the majority of your assessment work in the Evaluations tab. From here, you can assess your controls or requirements and record your findings. You also have the option to assign evaluation work to different members of your team. As always, you can communicate with team members about a particular evaluation via the Activity Feed.
Evaluations can be edited individually or in bulk.
Note
You can also access evaluations via Work items. From the left menu, select Work items, and then select the Evaluations tab.
Editing a single evaluation
From the left menu, Assessments.
Select your assessment.
Select the Evaluations tab.
Select the evaluation.
The following information can be edited via the right pane: status, title, description, priority, assignee, due date, created on date, updated on date, source, observations, affected objects (link a new or existing object), tasks (link a new task), and proof (link new proof or unlink existing proof).
Statuses
Not started - Work on the issue has not yet started
In progress - The evaluation is currently being worked on
Submitted - The evaluation has been submitted to the auditor for review
In review - The auditor is reviewing the evaluation
Approved - The evaluation has been reviewed and approved by the auditor
Closed - There is no more work to be done on the evaluation
Collaborate with other members of the evaluation via the evaluation's Activity Feed.
Tip
Looking to score controls (either numerically or categorically)? Create a custom field on your evaluations.
Evaluating multiple evaluations at once
From the left menu, select Assessments.
Select your assessment.
Select the Evaluations tab.
Select the checkboxes next to the evaluations you want to edit. To select all evaluations, select the All checkbox in the upper-left corner of the grid.
Edit any of the following: status, due date, assignee, and/or priority.