You can use our scope exports feature to export information about your scopes from your KCM GRC account. Exporting your scope information may be beneficial during an audit, or if you need to keep a record of the status of your requirements, controls, and evidence at a particular point in time.
The exported information is referred to as a scope export. The scope export is a password-protected ZIP file that contains the following details about a scope: scoped requirements, controls, tasks, and task evidence. See the sections below to learn more.
Creating and Downloading a Scope Export
Account Administrators and Scope Administrators can create scope exports. However, Scope Administrators can only export their Allowed Scopes. To learn more about user roles and permissions, see our User Roles Guide.
Follow the steps below to create a new scope export:
- Navigate to the Scope Exports page. From the navigation panel, click Compliance > Scope Exports.
- Click the Create Export button. Then, on the Export a Scope page, add the information outlined below.
- Name: Add the name of the scope that you are exporting or another name that represents the information you're exporting. This name will show on the Scope Exports page.
- Description: Describe the scope or the information that you are exporting.
- Scope ID: Select the name of the scope that you would like to export.
- Choose Tasks to Export (optional): Click the All Tasks checkbox to export all of the tasks for the controls under this scope. If you'd only like to export tasks with a specific status, select the applicable checkbox or checkboxes.
- Alternatively, if you'd only like to export your scoped requirements and the controls that they are mapped to, deselect all of the checkboxes.
- Password: Create a password for your export. Your password is case-sensitive. Please note that you will need to enter this password before you can unzip your export file.
- Click the Schedule Export button.
Once you see the Process Complete status in the Process Status column, you can download your export by clicking the download icon. Account Administrators and Scope Administrators can also delete exports from their platform by clicking the trash icon.
See the next section for details about the information available in your scope export.
The Scope Export File
After you've downloaded your scope export, unzip the file and enter your password. See the following sections to learn about the contents of your scope export folder.
Understanding the File Structure
There are two primary parts of your scope export: The evidence files that have been submitted for your control tasks and the HTML file that outlines the requirements, controls, tasks, and evidence under your scope. See the details below to understand what is included in your export file.
- The name of your scope export folder. The folder name will contain your KCM GRC account name. You can see your account name under your Account Settings > Account Overview tab.
- Expand the documents folder to see a folder for each of the tasks that contain evidence in the form of a document (file).
Note: Your documents folder will be empty if you did not include tasks in your export, or if you have exported tasks that haven't had evidence files submitted for them. For example, when creating your export, if you choose to export Past Due Tasks or Failed Tasks, it's likely that evidence has not been submitted for these tasks. View the index.html file to see details about these tasks. See the Understanding the HTML Page section below for more information.
- The task folder names include the task name and a task ID that is unique to your account. There will be a task folder for each task that contains evidence in the form of a document (file).
- To view the tasks that contain evidence in the form of a link, open the index.html file. From the index.html file, you can also open and view the linked evidence. See the Understanding the HTML Page section below for details.
- The evidence file that has been submitted for the task.
- The css folder does not contain information about your scope, it only exists so that you can view the index.html file in your export. To ensure that your index.html file displays properly, do not edit or delete the files in this folder.
- Open the index.html file in your browser to view details about the requirements, controls, and tasks under your scope as a web page. See the next section to learn more about this file.
Understanding the HTML File
When you open the index.html file from your scope export folder, it displays as a webpage in your browser. The index.html file lists all of the requirements in your scope and includes the controls that the requirements are mapped to, when applicable. This file also provides details about the control tasks under this scope. See below for details about this page.
- The name of the scope that you have exported.
- The name of a requirement under this scope. This is known as a scoped requirement.
- The Requirement ID.
- The name of the control that is mapped to the requirement.
- The control description.
Note: If more than one controls are mapped to the requirement, all controls will show under the requirement (click to view example).
- User/Group Assigned: If there is a user or user group assigned to the control this information is displayed here.
- Manager: If there is an Approving Manager assigned to the control this information is displayed here.
- Click the plus button () to see details about the tasks that have been created for this control, as outlined below.
- Name: The name of the task. The task may share the same name as the control that it was created for.
- Due Date: The date that the task is due.
- Status: The current status of the task.
- Stage: The current stage of the task. This is also known as the task's Approval Stage.
- Evidence: The name that the User Assigned entered for the evidence when adding evidence to the task. If evidence has not been submitted for the task, "No Evidence" will display in this field instead.
Tip: To view evidence from the index.html webpage, make sure that you have unzipped the scope export folder. Then, click the evidence name to open the link (URL) or document (file) that was submitted as evidence. Evidence links can only be opened from the index.html webpage. Evidence documents can be opened from the index.html webpage and the scope export folder. See the Understanding the File Structure section above for details about the scope export folder.