Cybersecurity and privacy regulations ask organizations to protect data and individual privacy. The words built in to the regulations may be different but the intent is the same. What that means is there is a great deal of overlap between regulations in terms of the technical requirements that organizatons need to put into place to meet to meet these obligations. CyMetric's use of a standardized set of controls that can apply to any regulation means that a control that meets the requirements of one regulation is also meeting the requirements of other regulations. When controls are assessed to determine how well they have been implemented, the outputs from that assessment can not only be applied to the initial regulation but other regulations that utilize the same control. For those organizations that have multiple compliance obligations, the effiency this represents can be very significant.
Getting started: Control assessments that have been completed (CLOSED) within one assessment plan can be applied to other Assessment Plans. The process cannot be done with control assessments that are still defined as In Progress. This functionality DOES NOT require the entire primary Assessment Plan to be closed β only the individual control assessment. To leverage this functionality, open the secondary Assessment Plan and navigate to the listing of controls that comprise the plan. For all control assessments where there is a previously assessed control, you will see a date in the Last Assessed column in the control listing grid.
Select the control you would like to apply the previously completed assessment to from the grid by clicking on the caret (>) at the end of the row. Click on the three-dot vertical ellipsis and note the option to View Previous Assessments β click on that option.
A tabbed-based list of all the control assessments previously conducted on that control are presented. Select the appropriate control assessment and click on the Reuse button.
Note that this particular control assessment will be marked as completed and cannot be edited. Confirm the action to apply the control assessment to your secondary assessment plan. To copy this control assessment to other information systems in the secondary Assessment Plan, use the Copy procedure to apply the content to other information systems. For more information on the Copy process, please see the article Apply a Control Assessment to Multiple Information Systems. Unlike reusing a completed Control Assessment and applying it to another Assessment Plan, the Copy to other Information Systems feature will mark the control assessments as In Progress meaning they can be edited.