Note: The following features are not added to IT Compliance Management by default. For information on adding these features to your version of the app, contact your CSM.
IT Compliance Assessment
The app offers an assessment tool to keep all tracking efforts consolidated in one place. This allows business users to be engaged and have their evidence uploaded and evaluated through the app. This also grants real-time oversight to IT Compliance Teams. By centralizing assessments, efficiency is promoted in all areas of the compliance and certification process.
Members of the IT Compliance Team user group can reassess any assessment in the Complete state while members of the IT Compliance Team and IT Control Owners user groups can reassess any control from the Complete state. This allows assessments to be updated outside of the constraints of an annual review period.
Users can easily see how assessment related data has evolved over time using trending data.
- Members of the IT Compliance Team user group can create issues from step 2 of the Citation Review form. Issues make it easier to identify and prioritize gaps and consolidate efforts to gain compliance with authority documents.
Users in the IT Compliance Team user group can create announcements to be displayed on the portals for IT control and document request owners. The IT Compliance Team can choose when the announcement goes live, when it is removed, and whether or not an email notification will be sent out to users.
External Auditor Portal
Members of the IT External Auditor user group will have access to a tailored portal experience in order to review evidence that has been flagged by the IT Compliance Team. This portal has the following views:
External Auditor Dashboard: Provides a graphical representation of the progression of each audit.
External Review Grid: A simple, working grid that lists each external citation that has been flagged for review. A citation can be reviewed by clicking the icon in the Citation Name column.
External Citation Review: A form in which the details of a citation can be reviewed and completed.
IT Control Owner Portal
Members of the IT Control Owner user group will have access to a tailored portal experience to better manage controls outside the standard assessment cycle. The portal has the following sections:
IT Control Dashboard: Charts that display all assigned controls broken down by status and operating effectiveness. The dashboard can be starred to have it automatically appear on the control owner's homepage upon login.
IT Control Matrix: Lists each control that has been assigned to the IT control owner. A control can be reviewed by clicking the icon in the Control Name column.
My IT Controls: A complete list of each control assigned to the IT control owner regardless of the assessment cycle. Clicking on a control will open the Control Review form.
Announcements: Displays communications from the IT compliance team.
IT Compliance Reporting
IT Compliance Management contains the following reports:
Framework Coverage Report: A graphical representation of the control coverage offered by each authority document.
Authority Document Progress and Overview Report: Trending data of the authority document's completion status towards certification, as well as a graphical representation of the identified issues by category.
Corporate IT Compliance Assessment Overview: Displays all IT Compliance assessments broken down by status.
Authority Document Gap Summary Report: A summary of citations in an authority document that have been flagged due to poor control effectiveness or related issues.
Authority Document Based Citation Status Report: A graphical representation of each citation attached to an authority document broken down by status.
Authority Document Based Citation Assessment Summary: A graphical representation of each citation attached to an authority document broken down by control effectiveness.
Authority Document Based Issue Overview: Charts that display all issues attached to an authority document broken down by status, priority, and issue type.
Authority Document Issue Trending Report: A visualization of the number of issues attached to an authority document over time, including charts broken down by status and priority.
Authority Document Final Report: A detailed overview of the authority document's assessment that displays all citations and their relevant information.
Design improvements have been made to the formula cards displayed throughout the app.
Titles and company logos can be added to the PDF version of the Authority Document Final Assessment report. Contact Resolver Support or your CSM should you wish to include headers to your PDF reports.
Excluding Archived Data from General Access
Users working in the app will have archived assessment data omitted from performance-impacted activities (such as searching for records or running reports). This data has been restricted to a designated section of the Manage IT Compliance Assessments activity accessible only by the IT Compliance Team. This ensures that the data within the app is relevant and places older information in an easy-to-access, consolidated view.