All the settings created during setup can be modified using the Settings panel. You may add new and assign them to specific roles that associated with the framework requirements. If desired, you can modify any aspect of the requirements, including control language,
Control Self Assessments are generated as part of the Audit Foundry installation. The users assigned to specific requirements (by way of the role assignment) will receive an email notification that a Control Self-Assessment requires their attention.
When you login as a user, you will see the Dashboard. On the left of the screen is the menu bar. Mouse over the checklist icon and you will see “Self-Assessment” appear.
Select that menu option and the list of Control Self-Assessments (CSAs) assigned to the user will be listed as shown below:
CSA Headings: #
CSA ID: The ID for each Control Self-Assessment of a requirement. There may be multiple IDs for each requirement if multiple organization users need to provide a response. For example, a requirement for user access management may require a response from a Network Administrator, Server Administrator, Database Administrator, Application Development Manager, and manager of corporate devices (e.g. laptops).
Control ID: This is the ID of the requirement or control in the security framework.
Description: Brief description of the control.
Owner: The control owner who will receive notifications and will provide the response and evidence.
CSA Due Date: The date the CSA is due. The person assigned to the “Accountable” role for a requirement will receive a notice for any open items 3 days prior to the due date.
CSA Submitted Date: The date the CSA was first submitted for review by Quality Assurance.
Stage:
| # | Stage | Description |
| 1 | Assessment Pending | Initial CSA creation |
| 2 | Assessment In-Progress | Assessor starts but does not complete assessment |
| 3 | Assessment Overdue | CSA was not completed before the due date |
| 4 | QA Review Pending | Assessor completes and submits the CSA |
| 5 | QA Review In-Progress | QA starts but does not complete assessment |
| 6 | Additional Information Required | QA rejects the submission and returns CSA to assessor |
| 7 | QA Review Overdue | QA was not completed before the due date |
| 8 | QA Complete with exceptions | QA Review completed with issues |
| 9 | QA Review Completed | QA Review completed without issues. CSA is closed. |
| 10 | Optional: Under Audit | QA Review completed. Flagged for Internal Audit |
| 11 | Audit In-Progress | Auditor starts but does not complete assessment |
| 12 | Audit Follow Up | Contact Control Owner |
| 13 | Audit Response | Control Owner responded to Audit |
| 14 | Audit Completed with exceptions | Internal Audit Completed with exceptions |
| 15 | Internal Audit Completed | Audit Completed |
Action: Select the “Start” button to begin the CSA, “Update” to resume a draft CSA, and “View” to see a CSA that has progressed to QA or has been completed.
You can limit the number of entries shown, search for key words, filter rows by column parameters, or export the list, as shown below:
To begin a CSA, select the “Start” icon at the right of the row.
