Below are some commonly-asked questions about the KnowBe4 Compliance Manager. If you don't see the answer you need, submit a ticket to our Support Team.
General Questions
Jump to:
Can I incorporate my existing compliance efforts and processes into KCM GRC?
What modules are available in the KCM GRC console and what do they do?
What are the differences between the various user types in KCM GRC?
How do I determine whether a user is counted against my KCM GRC user count license?
If I add my organization's logo under my Account Settings, where will it appear?
How can I enable/disable Support access to my account?
How do you remove account admin permissions from a user?
How do I request a new feature, template, or improvement?
Working with Scopes
This section is for questions related to working with Scopes including questions about Requirements, Controls, and Evidence which are managed within Scopes.
Jump to:
What is the difference between a Template and a Scope?
I’ve converted my Scope. What should I do next?
How do I add additional Scope permissions for my Contributor user types?
How do I add a Contributor to a scope?
What is the difference between a Control and a Task?
Are Scope Managers able to create Controls?
What is the difference between archiving and deleting a Control?
What is the KCM GRC Task reminder email schedule?
How will my Scope Evidence and my Policy Management module policies be stored?
What MIME types (media types) are allowed to be uploaded as Control documents or Evidence?
Can I download a report of my Scope with Control, Task, and Evidence details?
What are the numbers in the Evidence folder of a .zip Scope export referring to?
How do I pull a report to see which Tasks that are not 100% compliant?
I have a user who left our organization, how do I transfer their responsibilities?
How do I completely remove all scopes and controls in our account?
Question: Can I incorporate my existing compliance efforts and processes into KCM GRC?
Answer: Absolutely. KCM GRC allows you to easily upload any existing processes you may have in place via a CSV file. Once uploaded, these Controls can be mapped to one or more Requirements, and therefore, compliance frameworks.
Question: What modules are available in the KCM GRC console and what do they do?
Answer: The following modules are available in the KCM GRC console. You may not have access to all these modules depending on your subscription level.
- Compliance - Compliance is a module included with your KCM GRC subscription. It allows you to manage audits and compliance. It allows you to assign compliance tasks, create auditor reports, and store evidence. For more information on getting started with your compliance manual, see our Getting Started article, here.
- Policy Management - Policy Management is a module included with your KCM GRC subscription. It allows you to manage, distribute, and track acknowledgments of your organization's required policies. With automatic reminder notifications and functionality to nudge those users who haven't acknowledged, you no longer need to chase your users to fulfill your policy requirements. For more information see our Policy Management article, here.
- Risk Management - Risk Management is a module included with your KCM GRC subscription. It allows you to manage risk by creating risk assessments and the risk dashboard provides an at-a-glance view of your companies greatest risks. For more information see our Risk Management article, here.
Question: What are the differences between the various user types in KCM GRC?
Answer: The KCM GRC platform consists of three different modules, the Compliance module, the Policy Management, and the Risk Management module. There are different user types for each module, see our KCM GRC: User Types guide for more information.
Question: How do I determine whether a user is counted against in my KCM GRC user count license?
Answer: The following user types are recorded towards your user limit: Account Administrators, Contributors (i.e., Users Responsible and Approving Managers), Scope Managers/Admins, Policy Administrators, and Campaign Managers. If a user fills more than one of these roles, they're only counted once.
Auditors and end users added within the Policy Management module, are considered soft licenses and therefore do not count against your KCM GRC user count license.
Question: If I add my organization's logo under my Account Settings, where will it appear?
Answer: Adding your organization's logo under your Account Settings is a great way to personalize your KCM GRC environment. The logo will display at the top-left corner of your console and in any emails that are generated from your KCM GRC platform.
Question: How can I enable/disable Support access to my account?
Answer: You can decide whether or not you'd like to allow KnowBe4's KCM GRC Support team to view your account data so they can better assist you. To shut this feature on or off, follow these steps.
- Click the Settings button from the upper right-hand corner of your screen.
- Click Account Settings > Manage Account Settings.
- From the Enable Support field, select the Yes or No radio button depending on whether you want to enable or disable this functionality.
- Click Save Account Settings.
Question: How do you remove account admin permissions from a user?
Answer: Support can do this for you on the backend. Reach out to them for assistance.
Question: How do I request a new feature, template, or improvement?
Answer: We recommend reaching out to your Customer Success Manager, the KnowBe4 support team, or posting on our KCM Community board for Feature Requests. We base a lot of our development on customer feedback and requests, so we appreciate your input.
Question: What is the difference between a Template and a Scope?
Answer: A Template is a framework or collection of requirements that relate to one another. A Scope describes the boundaries of the project or audit framework. You must convert your Template to a Scope before you can begin to create and assign the appropriate Controls.
Question: I’ve converted my Scope. What should I do next?
Answer: Now that you have converted your Scope, the next step is to do a Self-Assessment of the Requirements to see exactly where your organization stands for your selected framework. This information can help you figure out which Requirements you can quickly create Controls for and which Requirements your organization will need to work on.
To complete a Self-Assessment of the Requirements, please follow these steps:
- Navigate to your Scopes by using the left-hand menu Compliance > Scopes > View Scopes.
- Select your Scope.
- Click the Continue button at the top of the screen.
- From there, go through the list and click Met, Not Met, No Answer, or N/A. You can add notes to explain the reasoning for your answers by clicking the Add Note button.
- Once you have completed the Self-Assessment of the Requirements, click Back to Scope.
You are now ready to start creating your Controls.
Question: How can I add Requirements to my scope?
Answer: To add Requirements to your Scope, please follow these steps:
- Navigate to Compliance > Scopes > View Scopes from the navigation panel on the left-hand side of your account.
- Select Scope then click the Requirements tab click the Add Requirement button.
- Search for the missing Requirement then click Add Requirement.
- Search for second missing Requirement then click Add Requirement > Done Mapping.
Question: How do I add additional Scope permissions for my Contributor user types?
Answer: To add additional Scope permissions for your Contributor, please follow these steps:
- Click the Settings button from the upper right-hand corner of your screen.
- Click Manage Users and search for the user you would like to make the contributor.
- Click the eyeball icon to View the user.
- Click Scopes > Manage Scopes.
- Use the Search Scopes... field to search for a specific scope.
- Click the Set button beneath the permissions you'd like the user to have for the Scope.
- When you are done assigning permissions click Done with Permissions.
For more information on Contributors and the other KCM GRC user types, see our User Types article here.
Question: What is the difference between a Control and a Task?
Answer: A Control is an action or procedure that you are taking to ensure that you are meeting the associated Requirement.
You assign a Task frequency to a Control, which determines the number of Tasks to occur per year. For example, if you set a Task to a monthly frequency, you will have 12 Tasks per year, for the associated Control.
Task reminder notifications are automatically generated by the KnowBe4 Compliance Manager and sent to the Responsible User. To learn more about when these Task reminder notifications are sent, see here.
Question: Are Scope Managers able to create controls?
Answer: Yes, as long as they have Scope Admin access to the Scope in question.
Question: What is the difference between archiving and deleting a Control?
Answer: You may want to archive a Control if you believe it could be used again with a different Requirement. If the Control is a mistake, or if it is not sufficient for any further compliance efforts, you would delete it.
Note:
Deleting Controls is an irreversible action.
Question: How do I assign a Task?
Answer: In order to assign a Task, you must have a Scope that contains Requirements. You'll then need to create or map a Control to a Requirement in order to assign a Task.
Click on "Scopes" in the left-hand side navigation panel, then select the Scope that contains the Requirement(s) you want to assign responsibility to. Click on the "Requirements" tab, and select the Requirement, to create a Control, and then a Task, for.
From the "View Requirement" page, select the "Controls" tab, and click the "Create New Control" button. Once you've entered the appropriate information, select the "Create and Assign" button, then choose a Task Frequency, a Responsible User, and a Start Date.
Note: Users who you need to assign Tasks to must have been given permissions to the Scope.
Question: What is the KCM GRC Task reminder email schedule?
Answer: Reminder emails for Tasks are determined by both the due date for the Task and the frequency set for the Control. The table below defines when your users will receive a reminder email about their Tasks.
|
If... |
Then... |
Applicable to the following frequencies |
|
The Task is due in 365 days. |
The user will be sent a reminder that their Task is due in one year. |
|
|
The Task is due in 30 days. |
The user will be sent a reminder that their Task is due in 30 days. |
|
|
The Task is due in 14 days. |
The user will be sent a reminder that their Task is due in 14 days. |
|
|
The Task is due in 7 days. |
The user will be sent a reminder that their Task is due in 7 days. |
|
|
The Task is due in the next day. |
The user will be sent a reminder that their Task is due in one day. |
|
|
The Task is due today. |
The user will be sent a reminder email that their Task is due today. |
|
|
The Task is past due. |
The user will be sent a reminder email that their Task is past due. |
Question: How will my Scope Evidence and my Policy Management module policies be stored?
Answer: You have two options for adding supplemental files and information (i.e., Evidence for Requirements and/or your organization's required Policies) to your KCM GRC platform. You can either upload files directly to your KCM GRC account or use the DocuLink option to link policies or evidence from your intranet or a file sharing service.
Question: Is there a character limit for DocuLinks submitted as Evidence, or links to policies for the Policy Management module?
Answer: The DocuLink hyperlink field and the policy hyperlink field have a maximum character count of 2000.
Question: Are there limitations for files uploaded as Control Evidence, or policies uploaded to the Policy Management module?
Answer: Please see the details below for the files you can upload to your KCM GRC platform.
- Control Evidence Files:
- File Size: Maximum of 50MB.
- File Name: Maximum of 250 characters (including file extension).
- Policy Management Files:
- File Size: PDF files are a maximum of 50MB.
All other accepted file types have a maximum size of 10MB. See here for more information on the accepted file types. - File Name: Maximum of 250 characters (including file extension).
- File Size: PDF files are a maximum of 50MB.
Question: What MIME types (media types) are allowed to be uploaded as Control documents or Evidence?
Answer: Only the following MIME types are allowed:
- applicaiton/msword
- application/cdfv2-encrypted
- application/cdfv2-unknwon
- application/gip
- application/octet-stream
- application/rtf
- application/tar
- application/tar+gzip
- application/vnd.mms-excel
- application/vnd.ms-outlook
- application/vnd.ms-powerpoint
- application/vnd.msoutlook
- application/vnd.openxmlformats-officedocument.spreasdheetml.sheet
- application/vnd.openxmlformats-officedocument.wordpressingml.docuent
- application/x-7z-compresssed
- application/x-gzip
- application/x-zip-compressed
- application/zip
- applicatoin/vnd.openxmlformats-officedocument.presentationml.presentation
- applicaton/pdf
- image/bmp
- image/gif
- image/jpeg
- image/png
- image/tiff
- image/x-bmp
- image/x-ms-bmp
- image/x-tiff
- image/x-windows-bmp
- message/rfc822
- text/csv
- text/html
- text/plain
- text/rtf
For more information on MIME types, you can read the Wikipedia entry on Media Types here.
Question: Can I download a report of my Scope with Control, Task, and Evidence details?
Answer: You can export a Scope and its associated Tasks and Evidence by navigating to Scopes > Export Scope. Once you've scheduled the export, you can download the zipped folder from the Scheduled Exports page, and view and share the Scope details from an .html file.
Question: What are the numbers in the Evidence folder of a .zip Scope export referring to?
Answer: The ID of the document in the database.
Question: How do I pull a report to see which Tasks that are not 100% compliant?
Answer: To see a list of all the Tasks that have not been satisfied, follow the steps below:
- Navigate to View All Tasks window from the navigation panel on the left-hand side of your account.
- Click the Status drop-down menu and select the following statuses:
- Active
- Failed
- Past Due
Question: I have a user who left our organization, how do I transfer their responsibilities?
Answer: From the "Settings" drop-down menu, select "Manage Users". Select the user you wish to have responsibilities transferred from, by clicking on their email address. Navigate to the "Actions" tab > click "GO" under the "Disable User" widget.
You will then be prompted to select a user to transfer the responsibilities to. If you're transferring responsibilities to a Contributor or a Scope Manager, the transferee must have permissions to the applicable Scope.
Note: This action will only transfer Scope Controls and their associated Task Schedules. Policy campaigns that were created by the disabled user will need to be assigned to a new Campaign Owner, or the Account Admin will be responsible, by default.
Question: How do I completely remove all scopes and controls in our account?
Answer: To clear out your account, use the following steps:
First, clear out the Controls:
- Navigate to Compliance > Scopes > View Scopes from the navigation panel on the left-hand side of your account.
- Select a Scope the click Controls.
- From the Controls Library, select a Control.
- In the upper right corner, click the Delete Control button and then click OK.
- Repeat these steps as needed.
Next, clear out the Scopes:
- Navigate to Compliance > Scopes > View Scopes from the navigation panel on the left-hand side of your account.
- Select Scope then click Delete Scope from the upper right corner and click OK.
- Repeat these steps as needed.
Lastly, you may want to clear out Control Documents and Evidence:
- Navigate to the Evidence Repository from the navigation panel on the left-hand side of your account.
- Select Evidence by clicking on the name then click Delete DocuLink or Delete Document (depending on the type of Evidence).
- Click OK.
You also have the option of archiving your Controls and Scopes, which would allow you to retain the information while cleaning out your account. To archive instead, follow the steps above but click the Archive buttons instead of Delete. To archive instead, follow the steps above but click the Archive buttons instead of Delete buttons.
Comments
0 comments
Article is closed for comments.