Additional control status states

已回答

Cliff Frazier

2020年08月05日 21:11

The most recent changes to KCM included adding 'Partially Met' as a response for the 'Self-Assessment Response' section of requirements (in Scopes).  This is helpful, but it should be able to offer more granularity on the status of requirements. I would love to see this expanded even further to include the following:

Change the 'Self-Assessment Response' from a single item to these 4 items, along with these statuses for each item:

• Policy Defined - No policy, informal policy, partially written policy, written policy, approved written policy
• Control Implemented - Partially implemented, not implemented, mostly implemented, fully implemented
• Control Automated - Partially automated, not automated, mostly automated, fully automated
• Control Reported to Business - Not reported, partially reported, mostly reported, fully reported

This is how it works in a few other tools I have demoed that help you track compliance. Here's an example:

0

• 正式评论

  

  Ariel Escalante 2020年08月06日 15:26

  Hi Cliff,

  Thank you for the feedback on Control statuses. I have passed along your recommendations to our development team as a feature request to be considered for future updates!

   

  评论操作 固定链接

请先登录再写评论。