How Do I Create Tasks for My Controls?
When using the KCM GRC platform for compliance management or risk management purposes, task schedules are the best way to ensure that your organization is maintaining it's ongoing efforts.
In KCM GRC, tasks are assigned to users so they can collect evidence for the controls that your organization needs to maintain. Controls are the statements that outline the policies and procedures that your organization has in place—in order to remain compliant and/or secure.
See the sections below to learn about task schedules and one-time tasks, the necessary prerequisites, and how to create tasks for your controls.
Jump to:
What Types of Tasks Are Available for My Controls?
Navigating to the View Control Page
How Do I Create a Task Schedule (Or a One-time Task)?
- Creating a One-time Task
- Creating a Task Schedule (Standard)
- Creating a Task Schedule Using Effective Date Range
How Do I Cancel a Task Schedule?
Prerequisites
Before you can create task schedules for your controls, you'll need to do the following:
- Create and map controls to the appropriate scoped requirements or risks. Create controls for one or both of the following purposes:
Compliance Management Controls- Create controls to document how your organization is meeting the requirements that you've added to your scopes.
- For more information, see our Creating and Importing Controls article.
Risk Management Controls- Create controls to document the preventative measures that your organization takes against the risks that you've added to your risk register.
- For more information, see our Creating and Mapping Risk Controls article.
- Create controls to document how your organization is meeting the requirements that you've added to your scopes.
- Create user accounts for the individuals who will be responsible for completing and approving control tasks. Typically, you can grant these users the Contributor user role in KCM GRC. For more information, please see our User Roles article.
- When creating a task schedule, you will assign the following roles to these users:
User AssignedThe user responsible for submitting evidence for a task.Approving Manager (optional)The user responsible for approving task evidence before the task can be closed.Second-level Approving Manager (optional)The user responsible for approving task evidence–after the Approving Manager has approved the evidence–before the task can be closed.
- When creating a task schedule, you will assign the following roles to these users:
- Ensure that your users (described in prerequisite 2) have activated their user accounts.
What Types of Tasks Are Available for My Controls?
The following is true for all tasks that are created in your account:
- You will assign a user who is responsible for the task. This role is called the User Assigned.
- The User Assigned receives task reminder email notifications from KCM GRC, based on the task frequency (see: Control Task Notifications).
- You can require evidence to be submitted for a task via one or either of the following methods:
- Upload a file directly to your account
- Add a URL to your account that links to evidence from your intranet or a file sharing service
There are three task schedule options available in your platform:
- One-Time Task: These tasks only occur once and have a specified due date.
A one time task may be appropriate when:
- A task only needs to occur once or on an as-needed basis.
- An unexpected incident occurs outside of the control's normal task schedule.
- You're onboarding with your KCM GRC platform and your compliance efforts are currently up-to-date, but you want to track your current efforts so they can be referenced at a later time.
- Task Schedule (standard): This is the most commonly used option for control tasks. The task will automatically recur based on the selected frequency. Decide which frequency is appropriate based on how often your organization needs to submit new evidence for the control. For a description of the task frequencies, see the Task Schedule Frequencies section of this article.
- Task Schedule using Effective Date Range (EDR): Using Effective Date Range (EDR) is generally not necessary nor recommended for most use cases. This schedule is similar to a standard task schedule, but if you utilize EDR, you are choosing to show the time period that is covered by the task.
If you're ready to create tasks, skip to this section. See the next section to learn about your options for assigning users to approve task evidence.
Task Approval Workflows
If evidence is required for a task—and you would like to assign one or more users to review the evidence before the task can be closed—there are two approval workflows available. For details, expand the drop-down menus below:
The standard workflow allows you to assign up to two users who will be required to review task evidence—an Approving Manager and a Second-level Approving Manager.
- The User Assigned submits evidence for the task.
- The User Assigned clicks the Complete Task button.
- (Optional) If there is an Approving Manager assigned to the task:
- Once the User Assigned has completed the task, the Approving Manager receives an email notification to approve the evidence.
Tip: Additionally, if the task reaches the Past Due status, the Approving Manager would receive an email notification.
- Once the User Assigned has completed the task, the Approving Manager receives an email notification to approve the evidence.
- (Optional) If there is a Second-level Approving Manager assigned to the task:
- Once the Approving Manager has approved the task, the Second-level Approving Manager receives an email notification to approve the evidence.
The user group workflow allows you to assign up to three users who will be required to review the task evidence—the Group Lead, Approving Manager, and Second-level Approving Manager.
- The User Assigned submits evidence for the task.
- The User Assigned clicks the Complete Task button.
- (Optional) If there is a user group assigned to the control (and the Group Lead is not assigned to the task):
- Once the User Assigned has completed the task, the Group Lead receives an email notification to approve the evidence.
Tip: Additionally, if the task reaches the Past Due status, the Group Lead would receive an email notification.
- Once the User Assigned has completed the task, the Group Lead receives an email notification to approve the evidence.
- (Optional) If there is an Approving Manager assigned to the task:
- Once the Group Lead has approved the task, the Approving Manager receives an email notification to approve the evidence.
Tip: Additionally, if the task reaches the Past Due status, the Approving Manager would receive an email notification.
- Once the Group Lead has approved the task, the Approving Manager receives an email notification to approve the evidence.
- (Optional) If there is a Second-level Approving Manager assigned to the task:
- Once the Approving Manager has approved the task, the Second-level approving Manager receives an email notification to approve the evidence.
Navigating to the View Control Page
Once you've added your organization's controls to your KCM GRC platform, you can create task schedules for these controls.
In your KCM GRC account, you have two primary areas from which you can work with your controls:
- If your controls will be mapped to multiple requirements across multiple scopes, we recommend working from the Controls Library area of your account.
- For navigation instructions, see the Creating Tasks from the Controls Library section, below.
- If your controls are specific to one requirement–and therefore to one scope–we recommend working from the Controls tab within your scope.
- For navigation instructions, see the Creating Tasks from a Scope section, below.
Navigating From the Controls Library
Follow the steps below to open a control from the Controls Library area of your account.
- From the navigation panel to the left, click Controls.
- From the Controls Library table, click a control name to open the control. You can use the search bar under the Name column to find a specific control.
Now, see the How Do I Create a Task Schedule? section, below, for instructions on creating one-time tasks and task schedules. See the task descriptions, above, to learn more about your task options.
Navigating From a Scope
Follow the steps below to open a control from the Controls tab within a scope:
- From the navigation panel to the left, click Compliance > Scopes.
- From the Name column, click on the name of the scope containing the requirements that are mapped to the controls you'll be working in.
- From the View Scope Page, click the Controls tab.
- Here you'll find all of the controls that are mapped to requirements within the scope. Click a control name to open the control.
Workflow Tip: If you are creating task schedules for multiple controls in the same scope, right-click each control name to open the controls in new tabs.
How Do I Create a Task Schedule (Or a One-time Task)?
After deciding whether you would like to create a task schedule or a one-time task, see the applicable subsection for instructions:
- Creating a One-time Task
- Creating a Task Schedule (Standard)
- Creating a Task Schedule Using Effective Date Range
Creating a One-time Task
From the View Control page, follow the steps below to create a one-time task:
- From the Task Schedules tab, click the Create Schedule button.
- In the Create Task Schedule window, add the details that are outlined below:
- Be sure to click the One-Time Task checkbox.
- User Assigned: Select (or search for) the name of the user who will be responsible for submitting the evidence that is needed for the task.
- This user will receive task reminder email notifications from KCM GRC. For details, see: Control Task Notifications.
- Assigned Manager (Optional): Select (or search for) the name of the user who will be responsible for approving the task evidence before the task can be closed.
- This user will receive an email notification once the task is awaiting approval. For more information, see the Task Approval Workflows section.
- Second-level Approving Manager (Optional): Select (or search for) the name of the user who will be responsible for approving the task evidence–after the Approving Manager has approved the evidence–before the task can be closed.
- This user will receive an email notification once the task is awaiting their approval. For more information, see the Task Approval Workflows section.
- Due Date: Select a date from the calendar. The task evidence should be submitted on or before this date.
- For one-time tasks, the due date also determines the task's start date and end date.
Tip: By default, tasks are considered "Past Due" for seven days past the due date, before changing to the "Failed" status. You have the option to change this default Task Fail Interval setting. See our Account Settings article to learn more.
- For one-time tasks, the due date also determines the task's start date and end date.
- Task Name: By default, the control name will show in this field. You have the option to update the task name to be specific to this task.
- Task Description: By default, the control description will show in this field. You can (optionally) update the task description to be specific to this task.
- Evidence Requirements:
- Leave both options disabled if: Evidence is not required for the task.
- Enable both options if: You would like to give your user the option to submit a link to an externally-hosted file or upload a file directly to your account.
- Enable Require Link if: Your user should only have the option to submit a link to an externally-hosted file.
- Enable Require Document Upload if: Your user should only have the option to upload a file directly to your account.
Note: One of these evidence requirement options may be disabled if you have restricted the evidence allowances at the scope-level or account-level. To learn more, see: Restricting the Type of Evidence Allowed for Compliance Controls.
- Click the Schedule button to save the task.
Creating a Task Schedule (Standard)
From the View Control page, follow the steps below to create a task schedule:
- From the Task Schedules tab, click the Create Schedule button.
- In the Create Task Schedule window, add the details that are outlined below:
- User Assigned: Select (or search for) the name of the user who will be responsible for submitting the evidence that is needed for the task.
- This user will receive task reminder email notifications from KCM GRC. For details, please see: Control Task Notifications.
- Assigned Manager (Optional): Select (or search for) the name of the user who will be responsible for approving the task evidence before the task can be closed.
- This user will receive an email notification once the task is awaiting approval. For more information, see the Task Approval Workflows section.
- Second-level Approving Manager (Optional): Select (or search for) the name of the user who will be responsible for approving the task evidence–after the Approving Manager has approved the evidence–before the task can be closed.
- This user will receive an email notification once the task is awaiting their approval. For more information, see the Task Approval Workflows section.
- Schedule Frequency: The frequency determines how often the task should occur.
- For example, if you create a task schedule at the Monthly frequency, the task will be open for one day, on the same day of each month.
Tip: For an explanation of each frequency, see the Task Schedule Frequencies section.
- For example, if you create a task schedule at the Monthly frequency, the task will be open for one day, on the same day of each month.
- Due Date: Select the due date for the first task in the schedule.
- For tasks under a standard task schedule, the start date, end date, and due date will share the same date, per task. To see examples, refer to the Task Schedule Frequencies section.
Tip: By default, tasks are considered "Past Due" for seven days past the due date, before changing to the "Failed" status. You have the option to change this default Task Fail Interval setting. See our Account Settings article to learn more.
- For tasks under a standard task schedule, the start date, end date, and due date will share the same date, per task. To see examples, refer to the Task Schedule Frequencies section.
- Task Name: By default, the control name will show in this field. You have the option to update the task name to be specific to this task schedule.
- Task Description: By default, the control description will show in this field. You can (optionally) update the task description to be specific to this task schedule.
- Evidence Requirements:
- Leave both options disabled if: Evidence is not required for the task.
- Enable both options if: You would like to give your user the option to submit a link to an externally-hosted file or upload a file directly to your account.
- Enable Require Link if: Your user should only have the option to submit a link to an externally-hosted file.
- Enable Require Document Upload if: Your user should only have the option to upload a file directly to your account.
Note: One of these evidence requirement options may be disabled if you have restricted the evidence allowances at the scope-level or account-level. To learn more, see: Restricting the Type of Evidence Allowed for Compliance Controls.
- User Assigned: Select (or search for) the name of the user who will be responsible for submitting the evidence that is needed for the task.
- Click the Schedule button to save the task.
Creating a Task Schedule Using Effective Date Range
From the View Control page, follow the steps below to create a task schedule using Effective Date Range (EDR):
- From the Task Schedules tab, click the Create Schedule button.
- In the Create Task Schedule window, add the details that are outlined below:
- Be sure to click the Use Effective Date Range checkbox.
Note: This checkbox will be unavailable if Effective Date Range is disabled under your account settings. To learn more, see our Managing Account Settings article. - User Assigned: Select (or search for) the name of the user who will be responsible for submitting the evidence that is needed for the task.
- This user will receive task reminder email notifications from KCM GRC. For details, please see: Control Task Notifications.
- Assigned Manager (Optional): Select (or search for) the name of the user who will be responsible for approving the task evidence before the task can be closed.
- This user will receive an email notification once the task is awaiting approval. For more information, see the Task Approval Workflows section.
- Second-level Approving Manager (Optional): Select (or search for) the name of the user who will be responsible for approving the task evidence–after the Approving Manager has approved the evidence–before the task can be closed.
- This user will receive an email notification once the task is awaiting their approval. For more information, see the Task Approval Workflows section.
- Schedule Frequency: The frequency of the task schedule determines the following:
- How often the task should occur.
- For example, if you create a task schedule (using EDR) at a monthly frequency, and set a start date of July 7, 2020: The task will be open from July 7, 2020, until August 7, 2020, and the next task in the schedule will also begin on August 7, 2020.
Tip: To learn more about each schedule frequency, see the Task Schedule Frequencies section.
- For example, if you create a task schedule (using EDR) at a monthly frequency, and set a start date of July 7, 2020: The task will be open from July 7, 2020, until August 7, 2020, and the next task in the schedule will also begin on August 7, 2020.
- The length of the date range in which evidence should be collected for this control.
- Continuing with the above example, evidence should be collected between July 7, 2020, and August 7, 2020. The due date for the task evidence is determined by your selection in the Due After field (see item g., below).
- How often the task should occur.
- Start Date: Select a start date for the first task in the schedule.
- Together, the task's Start Date and Schedule Frequency determine the end date of the first task in the schedule. Additionally, a task's end date also serves as the start date of the next task in the schedule (when using EDR). For more information and examples, see the Task Schedule Frequencies section.
- Due After: Select the amount of time that the user should have to submit evidence–starting from the end date–for each task in the schedule. This setting will determine the due dates for the tasks under this schedule.
- Task Name: By default, the control name will show in this field. You have the option to update the task name to be specific to this task schedule.
- Task Description: By default, the control description will show in this field. You can (optionally) update the task description to be specific to this task schedule.
- Evidence Requirements:
- Leave both options disabled if: Evidence is not required for the task.
- Enable both options if: You would like to give your user the option to submit a link to an externally-hosted file or upload a file directly to your account.
- Enable Require Link if: Your user should only have the option to submit a link to an externally-hosted file.
- Enable Require Document Upload if: Your user should only have the option to upload a file directly to your account.
Note: One of these evidence requirement options may be disabled if you have restricted the evidence allowances at the scope-level or account-level. To learn more, see: Restricting the Type of Evidence Allowed for Compliance Controls.
- Be sure to click the Use Effective Date Range checkbox.
- Click the Schedule button to save the task.
Task Schedule Frequencies
When creating a task schedule, you will select a frequency from the Schedule Frequency drop-down menu. Expand the drop-downs below to learn how the frequencies behave under the two task schedule options.
Schedule Frequency | Description | Start Date | End Date | Start Date of the Next Task |
Weekly | The task will recur every seven days. | Example Start Date: July 1, 2020 | The same date as the task's Start Date. Example: July 1, 2020 |
The next task will start 7 days after the previous Start Date/End Date. Example: July 8, 2020 |
Monthly | The task will recur every month. | Example Start Date: July 1, 2020 | The same date as the task's Start Date. Example: July 1, 2020 |
The next task will start on the same day, in the following month. Example: August 1, 2020 |
Bimonthly | The task will recur every other month. | Example Start Date: July 1, 2020 | The same date as the task's Start Date. Example: July 1, 2020 |
The next task will start on the same day, two months after the previous task's Start Date/End Date. Example: September 1, 2020 |
Quarterly | The task will recur every three months. | Example Start Date: July 1, 2020 | The same date as the task's Start Date. Example: July 1, 2020 |
The next task will start on the same day, three months after the previous task's Start Date/End Date. Example: October 1, 2020 |
Semiannually | The task will recur every six months. | Example Start Date: July 1, 2020 | The same date as the task's Start Date. Example: July 1, 2020 |
The next task will start on the same day, six months after the previous task's Start Date/End Date. Example: January 1, 2021 |
Annually | The task will recur once every year. | Example Start Date: July 1, 2020 | The same date as the task's Start Date. Example: July 1, 2020 |
The next task will start on the same day, one year after the previous task's Start Date/End Date. Example: July 1, 2021 |
Every Two Years | The task will recur every other year. | Example Start Date: July 1, 2020 | The same date as the task's Start Date. Example: July 1, 2020 |
The next task will start on the same day, two years after the previous task's Start Date/End Date. Example: July 1, 2022 |
Every Three Years | The task will recur once every three years. | Example Start Date: July 1, 2020 | The same date as the task's Start Date. Example: July 1, 2020 |
The next task will start on the same day, three years after the previous task's Start Date/End Date. Example: July 1, 2023 |
Every Five Years | The task will recur once every five years. | Example Start Date: July 1, 2020 | The same date as the task's Start Date. Example: July 1, 2020 |
The next task will start on the same day, five years after the previous task's Start Date/End Date. Example: July 1, 2025 |
Schedule Frequency | Description | Start Date | Task Duration | End Date* | Start Date of the Next Task |
Weekly | The task will recur every week. | Example Start Date: July 6, 2020 | The task is open for 7 days. | Example End Date: July 13, 2020 | The next task will start on the same day as the previous task's End Date. Example: July 13, 2020 |
Monthly | The task will recur every month. | Example Start Date: July 6, 2020 | The task is open for one month. | Example End Date: August 6, 2020 | The next task will start on the same day as the previous task's End Date. Example: August 6, 2020 |
Bimonthly | The task will recur every other month. | Example Start Date: July 6, 2020 | The task is open for two months. | Example End Date: September 6, 2020 | The next task will start on the same day as the previous task's End Date. Example: September 6, 2020 |
Quarterly | The task will recur every three months. | Example Start Date: July 6, 2020 | The task is open for three months. | Example End Date: October 6, 2020 | The next task will start on the same day as the previous task's End Date. Example: October 6, 2020 |
Semiannually | The task will recur every six months. | Example Start Date: July 6, 2020 | The task is open for six months. | Example End Date: January 6, 2021 | The next task will start on the same day as the previous task's End Date. Example: January 6, 2021 |
Annually | The task will recur once every year. | Example Start Date: July 6, 2020 | The task is open for one year. | Example End Date: July 6, 2021 | The next task will start on the same day as the previous task's End Date. Example: July 6, 2021 |
Every Two Years | The task will recur every other year. | Example Start Date: July 6, 2020 | The task is open for two years. | Example End Date: July 6, 2022 | The next task will start on the same day as the previous task's End Date. Example: July 6, 2022 |
Every Three Years | The task will recur once every three years. | Example Start Date: July 6, 2020 | The task is open for three years. | Example End Date: July 6, 2023. | The next task will start on the same day as the previous task's End Date. Example: July 6, 2023 |
Every Five Years | The task will recur once every five years. | Example Start Date: July 6, 2020 | The task is open for 5 years. | Example End Date: July 6, 2025 | The next task will start on the same day as the previous task's End Date. Example: July 6, 2025 |
*End Date: For task schedules using EDR, the end date is not the same as the due date for task evidence. The due date will depend on the selection that you've made for the Due After field when creating the task schedule. For details, see item g., under the Creating a Task Schedule Using Effective Date Range section.
How Do I Cancel a Task Schedule?
If you would like to end a task schedule or cancel a one-time task, you can do so without losing task data or the evidence that has been submitted to existing tasks.
Follow the steps below to cancel a task schedule:
- Navigate to the View Control page that contains the task schedule that you would like to cancel. For navigation instructions, see the Navigating to the View Control Page section.
- With the Task Schedules tab selected, click the cancel icon for the schedule that you would like to cancel.
- Once prompted, click Yes.
Tip: From the Tasks tab, you will continue to see the tasks that were created under the canceled schedule. If you would like to delete an individual task, open the View Task page and click Delete Task.
Comments
0 comments
Article is closed for comments.