The assessment module is an add-on module to the projects module. The module offers the ability to create and send out the following three types of assessments:
- Contextual assessments – These assessments are relevant when you want to perform assessments in context of specific assets, such as Porcesses, Activities, Systems, Contracts or Controls. This could be DPIA, LIA or TIA
- Business impacts assessments – These assessments are relevant when you want to perform assessments in context of specific business processes and include a build in impact dropdown options (Very High, High, Low, Very Low) and RTO and RPO assessments
- Global assessments – These are relevant when you want to perform a high-level assessment, which are not performed in context of a specific asset. This is ideal for a IT audit, Data protection GAP analysis, or a high level DPIA.
When working with thte module templates are created by admins in settings afterwhich they can be sent out using the projects module to other stakeholders in the organization who have been added to the system.
Creating assessment templates
Assessment templates are created in settings by admins where each template is given a name, a description and a scope that relates to the core of the system (processes/activities/systems/contracts). This is done to keep assessments being sent out in relation to the way the organization works.
If the scope has been chosen as either processes or activities, the template creator gets the option to make the system auto-generate questions for a system impact assessment, which involves asking responsibles or accountables the following questions in relation to the systems being used in the process or the activity they are responsible or accountable for:
- The impact of loss of confiduentiality of data
- The impact of loss of integrity of data
- The impact of loss of availability of data
- The Recovery Time Objective (RTO)
- The recovery Point Objective (RPO)
- Mandatory closing remarks
The template creator can also chose to create their own questions with the following functionalities for each questions:
- Further description of question
- Attachments and/or relevant links
- Response type: Yes/No OR creation of own drop-down menu for responses
- Marking of which responses ar positive and which responses are negative
- Whether a further description from the question receiver should be available, optional or mandatory
- Whether an attachment from thw question receiver should be available, optional or mandatory
Furthermore, the order in which quetsions should be presented to respondents can be changed by a drag-and-drop feature of each question.
Sending out assessments in projects
When relevant templates have been created they can be addedd to an assessment project in the projects module. When creating the project, a scope for the project is chosen to be either processes, activities, systems or contracts and depending on this choise, assessment templates with a corresponding scope are available in a drop-down menu to be sent out to the relevant other users in the system.
To read more about creation of projects, continous management and overview, go to the Projects module site by clicking here.
Post processing of assessments
When respondents reply to the assessment questions replies can be read by admins and project responsibles in the given assessment project the tasks are created from. Observations can continously be addedd in a separate tab of the project. Observations include information such as observation name, description, scope, observation impact (ranging from very low to very high) and the possibility to add links and/or attachments to each observation.
When all questions in a given assessment have been responded to, a Word report can be downloaded that witholds information on both results of assessment questions as well as observations. When the report has been generated and downloaded a management summary can be added and the project can be archived.
Management summary and/or results from system impact assessments can be read from the given process/activity/system/contract the assessment is related to so that the information from the assessment can be put to further use by the organization, e.g., when implementing further security measures.
Results of the assessments as well as continous overview of running assessmnets and overdue tasks can be found in the Dashboard module under the Assessments dashboard.
To get a full overview and read more about the other Complyon modules, click here.
Click here to be taken to the projects module (accessible if your organization has accquired it)