Applicability Assessment

Once an assessment has been scoped, members of the Compliance Team must review the assessment requirements. All requirements assigned to you and your team will be available in Compliance Management > Determine Applicability > Applicability Assessment

To review requirements:

  1. Log into a user account that's been added to the Compliance Team user group.

  2. Click the dropdown bar in the nav bar > Compliance Management to display the Determine Applicability activity.

    The Compliance Management activity in the nav bar.
  3. Click a requirement in the Applicability Assessment section to display it.

    The Applicability Assessment section of the Determine Applicability page.
  4. Review the requirement to determine if it's relevant to your line of business. The Requirement Name, Description, Sub Topic, and Source of Requirement fields may already be completed, depending on the content in your compliance framework.The Determine Applicability form.

  5. Click + in the top right of the Review Requirement Details section to review the specific areas your organization must comply with.

    Reviewing the Requirement Details.
  6. Select either Applicable or Not Applicable in the Applicability Assessment field.

    • If you selected Applicable:

      1. In the Requirement Owner and Requirement Delegate (if applicable) fields, start typing to display a list of available options, then select the appropriate user and/or user group.

      2. Optional: Click View Requirement Profile to view this requirement's Requirement Profile report. This report summarizes all information about the requirement as well as its attached controls and issues.

      3. Click Send for Risk Assessment. The Requirement Owner will be notified by email that a requirement has been assigned to them.

        An applicable requirement.
    • If you selected Not Applicable:

      1. Enter your reasoning for marking this requirement Not Applicable in the Rationale for Not Applicable field.

      2. Click Requirement Not Applicable. The Requirement will move to the Not Applicable workflow state and can be viewed in the Reports application. Only the Compliance Team can reassess a requirement once it's been deemed inapplicable.

        Marking a requirement as Not Applicable.