Skip to main content

Frequently Asked Questions

Quick answers to common questions about frameworks, assessments, programs, tasks, evidence, and reports in episki.

Written by Jessica Donado
Updated over 2 months ago

Below are answers to common questions about using episki.

Getting Started

Q: How do I get started with my first compliance assessment?

A: Start by adding a framework (like SOC 2 or PCI-DSS), then create an assessment against that framework. Work through each control, adding responses and evidence as you go.

Q: What’s the difference between an assessment and a program?
A: Assessments are point-in-time evaluations (like preparing for an annual audit). Programs are ongoing monitoring that maintains compliance between assessments using recurring tasks.

Frameworks

Q: Can I use the same framework for multiple assessments?
A: Yes. Many organizations run annual assessments against the same SOC 2 framework. Each assessment is independent.

Q: Can I customize frameworks?
A: Yes. You can edit controls, add new ones, reorganize hierarchies, and add labels.

Assessments

Q: How do I know when my assessment is complete?
A: When all controls have responses and there are no outstanding tasks or issues. You can also check the completion percentage on the assessment dashboard.

Q: What if I can’t meet a control?
A: Document this in your response. Explain why the control doesn’t apply or what mitigating controls you have instead. Create an issue if remediation is needed.

Programs

Q: What happens if a recurring task is overdue?
A: The associated control becomes “unhealthy,” lowering your overall program health percentage. Complete the task to restore health.

Q: Can I have different schedules for different controls?
A: Yes. Each recurring task can have its own schedule (weekly, monthly, quarterly, etc.).

Tasks and Issues

Q: What’s the difference between a task and an issue?
A: Tasks are work items (things to do). Issues are problems or findings that need resolution. Both are tracked similarly but represent different types of work.

Q: Can a task be linked to multiple controls?
A: Yes. A single task can relate to multiple controls if the work addresses more than one requirement.

Evidence

Q: What types of files can I upload?
A: Common formats such as PDF, DOCX, XLSX, PNG, JPG, and more are supported.

Q: Is there a file size limit?
A: This can vary by workspace. Check with your administrator for your workspace’s specific limits.

Reports

Q: Can I customize report formats?
A: Reports are generated from your assessment data. The best way to improve the output is to complete thorough responses and attach relevant evidence for each control.

Did this answer your question?