Assessments provide the business with an evaluation of asset performance at a point in time. They are used to identify vulnerabilities, raise awareness, and prioritize investment in the areas that will have the most impact. For this process to be effective, assessment data needs to be recent and reflect change over time. An audit from three years ago provides some data but may no longer be accurate. An assessment from two weeks ago may be accurate but doesn’t indicate whether security program issues are rising or falling. To keep information current, continuous assessments are needed.
Continuous assessments are an evolution of periodic assessments. They allow the security assessment team to reassess locations for any given assessment without needing to relaunch it. This enables assessments to remain up-to-date without being tethered to a reporting period. Only members of the Security Assessment Team user group can launch or re-launch a continuous assessment.
To launch a continuous assessment:
Log into a user account that's been added to the Security Assessment Team user group.
Click the dropdown in the nav bar > Security Risk Management.
Navigate to the Assessments tab.
Click an assessment in the Complete state in the Assessments: Completed activity to open the Complete, Monitor & Archive form.
Click Reassess. The assessment will return to the Scoping state. Previous results from the assessment may be reset, depending on the configuration options chosen.