Table of Contents

All the settings created during setup can be modified using the Settings panel. You may add new and assign them to specific roles that associated with the framework requirements. If desired, you can modify any aspect of the requirements, including control language,

Control Self Assessments are generated as part of the Audit Foundry installation. The users assigned to specific requirements (by way of the role assignment) will receive an email notification that a Control Self-Assessment requires their attention.

When you login as a user, you will see the Dashboard. On the left of the screen is the menu bar. Mouse over the checklist icon and you will see “Self-Assessment” appear.

CSA Menu Icon

Select that menu option and the list of Control Self-Assessments (CSAs) assigned to the user will be listed as shown below:

CSA Table Headers

CSA Headings: #

CSA ID: The ID for each Control Self-Assessment of a requirement. There may be multiple IDs for each requirement if multiple organization users need to provide a response. For example, a requirement for user access management may require a response from a Network Administrator, Server Administrator, Database Administrator, Application Development Manager, and manager of corporate devices (e.g. laptops).

Control ID: This is the ID of the requirement or control in the security framework.

Description: Brief description of the control.

Owner: The control owner who will receive notifications and will provide the response and evidence.

CSA Due Date: The date the CSA is due. The person assigned to the “Accountable” role for a requirement will receive a notice for any open items 3 days prior to the due date.

CSA Submitted Date: The date the CSA was first submitted for review by Quality Assurance.

Stage:

#StageDescription
1Assessment PendingInitial CSA creation
2Assessment In-ProgressAssessor starts but does not complete assessment
3Assessment OverdueCSA was not completed before the due date
4QA Review PendingAssessor completes and submits the CSA
5QA Review In-ProgressQA starts but does not complete assessment
6Additional Information RequiredQA rejects the submission and returns CSA to assessor
7QA Review OverdueQA was not completed before the due date
8QA Complete with exceptionsQA Review completed with issues
9QA Review CompletedQA Review completed without issues. CSA is closed.
10Optional: Under AuditQA Review completed. Flagged for Internal Audit
11Audit In-ProgressAuditor starts but does not complete assessment
12Audit Follow UpContact Control Owner
13Audit ResponseControl Owner responded to Audit
14Audit Completed with exceptionsInternal Audit Completed with exceptions
15Internal Audit CompletedAudit Completed

Action: Select the “Start” button to begin the CSA, “Update” to resume a draft CSA, and “View” to see a CSA that has progressed to QA or has been completed.

You can limit the number of entries shown, search for key words, filter rows by column parameters, or export the list, as shown below:

To begin a CSA, select the “Start” icon at the right of the row.

Powered by BetterDocs