How Do I Complete a Scope Self-Assessment?
The Scope Self-Assessment lets you evaluate your current level of compliance based on a particular scope.
This assessment allows you to set a status for each requirement in the scope. The statuses you select determine your organization's current percentage of compliance for that scope, which helps you show stakeholders your organization's current state of compliance. Completing the Scope Self-Assessment is optional, but recommended.
Follow the steps below to complete your Scope Self-Assessment.
- Navigate to your scope by clicking Compliance > Scopes from the navigation panel on the left-hand side.
- Under the Name column, click on the name of the desired scope.
- From the View Scope page under the Overview tab, you can see the current state of your Scope Self-Assessment.
- Click the Requirements tab. Here, you can see the Scope Self-Assessment Progress bar.
- Above the progress bar is the Requirements Breakdown which shows your self-assessment response percentages.
- To complete your Scope Self-Assessment: From the Self-Assessment Response column, select the appropriate response for each requirement.
- If you have not completed the assessment, requirements will have the No Answer option selected by default.
As a best practice, KCM GRC suggests selecting a Self-Assessment Response based on the following recommendations:
| Self-Assessment Response | KCM GRC's Recommendation |
| --- | --- |
| No Answer | Your organization has yet to determine whether this requirement needs to have a control (or process) in place. |
| Met | Your organization has the necessary controls (or processes) in place and is currently meeting this requirement. |
| Partially Met | Your organization is partially meeting this requirement, but additional controls (or processes) need to be put in place in order to fully meet the requirement. |
| Not Met | Your organization has determined that the requirement is applicable, but you do not have the necessary controls (or processes) in place. |
| N/A | Your organization has determined that the requirement is not applicable. |
Tip: If you would like to leave a note on the requirement to explain why you chose a particular response, click the requirement name to open it. Then, add a note under the Notes area of the View Scoped Requirement page.
At any time, you can return to the View Scope page > Requirements tab to reassess your scope requirements to reflect the current state of your organization.