Assessments provide the business with an evaluation of risk, requirements, and control effectiveness at a point in time. They are used to determine compliance, identify vulnerabilities, raise awareness, and prioritize investment in the areas that will have the most impact. For this process to be effective, assessment data needs to be recent and reflect change over time. An audit from three years ago provides some data but may no longer be accurate. An assessment from two weeks ago may be accurate but doesn’t indicate whether risk levels are rising or falling. In order to keep information current, continuous assessments are needed.
Continuous assessments are an evolution of periodic assessments. They allow the compliance team to reassess risk, requirements, and controls for any given assessment without needing to launch an entirely new assessment. This enables assessments to remain up-to-date without being tethered to a reporting period. Only members of the Compliance Team user group can launch a continuous assessment.
To launch a continuous assessment:
1. Log in to a user account that's been added to the Compliance Team user group.
2. Click the dropdown in the nav bar > Compliance Management.
3. Click the Monitor tab.
4. Click an assessment in the Monitoring state in the Compliance Assessments in Monitoring section to open the Review and Reassess Compliance Requirements form.
5. Navigate to the Assessment Management section.
6. Click Reassess. The assessment will return to the In Progress state, requirements in the Monitoring state will return to the Pending Assessment state, and controls in the Complete state will return to the Assessment state.
In order to maintain complete records, it's recommended that all outstanding issues on an assessment are closed before reassessing.