Assessments provide the business with an evaluation of risk, requirements, and control effectiveness at a point in time. They are used to determine compliance, identify vulnerabilities, raise awareness, and prioritize investment in the areas with the most impact. To be effective, assessment data must be recent and reflect change over time.
For example, an audit from three years ago provides some data but may no longer be accurate. An assessment from two weeks ago may be accurate but doesn’t indicate whether risk levels are rising or falling. To keep information current, continuous assessments are needed.
Continuous assessments are an evolution of periodic assessments. They allow the Compliance Team to reassess Requirements, Controls, and overall risk for any given assessment without needing to launch an entirely new one. This enables assessments to remain up to date without being tethered to a reporting period. Only Compliance Team user group members can launch a continuous assessment.
To launch a continuous assessment:
Log into a user account from the Compliance Team user group.
Click the dropdown in the nav bar > Compliance Management.
Click the Monitor tab.
Click an assessment in the Monitoring state to open the Compliance Assessment form.
Users can perform bulk reassessments on requirements and controls within segments of the larger assessment by clicking a compliance framework, topic, or sub-topic in the navigation tree to the left. Users can also view the below reports on topics or sub-topics as well. Optional: In the Compliance Assessment Reports section, click any of the following buttons to view a more detailed report:
Control Matrix: Displays an overview of all requirements and controls attached to the assessment.
Risk Report: Displays an overview of all the assessments' associated requirements and their overall risk levels.
Results by Regulator: Displays all the inherent and residual risk for each regulator attached to the assessment.
Optional: In the Status Reports section, click any of the following buttons to view a report with further detailed information:
Assessment Status Report: Lists each requirement and control attached to the assessment as well as their respective status.
Issue and Action Status Report: Lists each issue and corrective action attached to the assessment as well as their respective status.
Navigate to the Assessment Management section.
Click Reassess Compliance Assessment to return to the In Progress state, requirements in the Monitoring state will return to the Pending Assessment state, and controls in the Complete state will return to the Assessment state.
In order to maintain complete records, it's recommended that all outstanding issues on an assessment are closed before reassessing.