Applicability Assessment

Once an assessment has been scoped, members of the Compliance Team must review the assessment requirements. All requirements assigned to you and your team will be available in Compliance Management > Determine Applicability > Applicability Assessment

To review requirements:

  1.  Log into a user account that's been added to the Compliance Team user group.
  2. Click the dropdown bar in the nav bar > Compliance Management to display the Determine Applicability activity.  The Compliance Management activity in the nav bar.
  3. Click a requirement in the Applicability Assessment section to display it.
    The Applicability Assessment section of the Determine Applicability page.
  4. Review the requirement to determine if it's relevant to your line of business. The Requirement Name, Description, Sub Topic, and Source of Requirement fields may already be completed, depending on the content in your compliance framework. 
    The Requirement Review form in the Determine Applicability page.
  5. Begin typing keywords in the Requirement Owner and Requirement Delegate (if applicable) field to display a list of available options, then click to select an appropriate user. 
  6. Click + in the top right of the Review Requirement Details section to review the specific areas your organization must comply with.Reviewing the Requirement Details.
  7. Select either Applicable or Not Applicable in the Applicability Assessment field.
    • If you selected Applicable:  
      1. Select the appropriate rating in the Inherent Impact field. Repeat this process for the Inherent Likelihood field to generate an Inherent Risk Score
      2. Optional: Click View Requirement Profile to view this requirements Requirement Profile report. This report summarizes all information about the requirement as well as its attached controls and issues.
      3. Click Send for Control Documentation. The Requirement Owner will be notified by email that a requirement has been assigned to them. An applicable requirement.
    • If you selected Not Applicable
      1. Enter your reasoning for marking this requirement Not Applicable in the Rationale for Not Applicable field. 
      2. Click Requirement Not Applicable. The Requirement will move to the Not Applicable workflow state and can be viewed in the Reports application. Only the Compliance Team can reassess a requirement once it's been deemed inapplicable.Marking a requirement as Not Applicable.