Issue introduction
To pass the audit, issues need to be remediated. Because remediation can take several steps, visibility of progress is absolutely vital.
Remediation can range from a quick fix to a multi-quarter project that needs to be tracked. At best, issues mean spending resources to fix a problem. At worst, they jeopardize a company’s entire future—losing a certification can mean not being able to do business at all. Because many organizations don’t discover issues until the audit is in progress, they are oftentimes left scrambling under severe pressure to implement a fix.
Because Hyperproof is a continuous compliance operations platform, issues can be discovered and addressed long before your organization enters its audit phase.
Creating and managing an issue on an audit
After you configure an audit or click into it, you'll notice that the audit has an Issues tab. In this tab, you can create or monitor any issues linked to the audit that require remediation.
Click the arrows and steps on the image to learn more below:
Creating an issue
Creating an issue
From the left menu, select the tab that corresponds with the issue you want to link. For example, if you want to link an issue to a audit, select the Audits tab.
Select the specific object. For example, if you want to link the issue to a specific audit.
Select the Issues tab.
Click New.
Enter the following information:
Summary (required) - A summary of the issue and the potential result if it isn't remediated
Description - A detailed overview of the issue
Make issue private checkbox - Select this checkbox to make the issue private. Doing so restricts inheritance—only users explicitly added to the issue’s facepile can see the issue. Other users (such as members of affected objects) can see that the issue exists, but they’ll only see the issue ID. To access the issue, they’ll need to contact the issue manager(s).
Action plan - The plan to remediate the issue
Impact - The impact the issue has on your organization if it isn't resolved
Priority - The priority level for resolving the issue
Assignee - The individual who will work to remediate the issue
Effort level - The amount of effort it'll take your organization to remediate the issue
Business owner - The individual who owns the issue. Note that a contact can also be an owner.
Executive sponsor - The individual who is of senior level and ultimately responsible for overseeing the remediation of the issue
Due date - The date that the remediation is due
Discovered on - The date that the issue was discovered
Click Create.
The issue is created.
Affected objects on issues
As mentioned above, it's important to monitor linked affected objects on issues. In the tutorial below, we'll walk through why this is the case, especially when it comes to our controls and the health of those controls.
The tutorial below is shown in the administrator role with organizational permission as a manager in Hyperproof. If you are in another role in Hyperproof, or have a different permission you may not have access to some of these areas shown or they may be greyed out.
Click the arrow to read the steps below:
Linking an additional affected object to an issue
Linking an additional affected object to an issue
From the left menu, select the tab that corresponds with the issue.
For example, if you want to link an additional affected object to an issue that's linked to a control, select the Controls tab.
Select the specific object that the issue is linked to.
For example, if the issue is linked to control ID 1234, select that control.
Select the Issues tab.
Select the issue.
In the right pane, click the arrow in the Link button next to Affected objects.
Select either Link new or Existing link.
If you select Link New, the Create New window opens. Select an object from the drop-down menu, name the object, and then click Create.
If you select Link Existing, the Link Objects window opens. Select the object or objects you want to link, then click Link.
The affected object is linked.
Issues and remediation workshop
Here at Hyperproof, we offer workshops monthly on specific topics and features in Hyperproof. We do record each workshop for our customers and partners to review. Recordings are available in our community. If you'd prefer to review the workshop later, you can navigate to our community below to bookmark it.
Note: if you have not created an account for the community, you can submit one on the homepage. The community is available to all our current customers/partners.
Below is a workshop from October 2022 on issues and remediation. This workshop provides a comprehensive overview and demo of how issues and remediation work in Hyperproof. We cover how to create an issue, how to add affected objects to an issue, and how to remediate an issue.
Click the arrow to read the steps below:
Adding a user to an issue
Adding a user to an issue
From the left menu, select the tab that corresponds with the issue. For example, if you want to add a user to an issue that is linked to a control, select the Controls tab.
Select the specific object. For example, if you want to add the user to an issue linked to control ID 1234, select that control.
Select the Issues tab.
Select the issue.
In the right pane, click the + icon.
Select a user from the Name drop-down menu.
In the Role field, select the object role for this user.
Roles and permissions overview for objects
Facepiles are found on all individual objects, such as risks, and in parent modules, such as the Risk Register. You can choose to add a user to a specific object OR the entire module.
Object roles include:
Managers
Can manage content, members, and settings
Can share, add, edit, or remove files
Contributors
Can share, add, edit, or remove files
Cannot add members or manage settings
Viewers
Can view information about objects where they are a member or have inherited access
Can export objects from the grid view if they are members of the objects or have inherited access
Optionally, enter a message.
Click Add.
The user is added to the issue.
If notifications are enabled, an email is sent notifying the user that they have been added.
Linking an additional affected object to an issue
Linking an additional affected object to an issue
From the left menu, select the tab that corresponds with the issue. For example, if you want to link an additional affected object to an issue that's linked to a control, select the Controls tab.
Select the specific object that the issue is linked to. For example, if the issue is linked to control ID 1234, select that control.
Select the Issues tab.
Select the issue.
In the right pane, click the arrow in the Link button next to Affect objects.
Select either Link new or Existing link.
If you select Link New, the Create New window opens. Select an object from the drop-down menu, name the object, and then click Create.
If you select Link Existing, the Link Objects window opens. Select the object or objects you want to link, then click Link.
The affected object is linked.
Link a task to an issue
Link a task to an issue
From the left menu, select the tab that corresponds with the issue. For example, if you want to remediate an issue that's linked to a control, select the Controls tab.
Select the specific object. For example, if you want to link the task to control ID 1234, select that control.
Select the Issues tab.
Select the issue.
In the right pane, scroll to Tasks, and then click + Task.
The Task window opens.
Do any or all of the following:
Enter a name for the task (required)
Enter a description
The following rich text formatting is supported: bulleted and numbered lists, headings, links, code, emojis, bold, italic, and strikethrough.
Change any of the following by hovering over and clicking the Edit icon. Note that the task's status cannot be changed until the task is created.
Assignee (by default, the task is assigned to the task creator)
Due date (this is the number of days out that you want the task to be due)
Priority
Click Create.
The task is created.