Roles and permissions
The following roles can create an assessment:
Administrators
Compliance managers
A risk assessment allows you to evaluate a set of risks to identify gaps, changes, and enhance overall risk.
Note: You can only assess the risks you can access. If the evaluation assignee is a limited access user, they must be a member of the risk register to evaluate it.
From the left menu, select Assessments.
Click New.
The Create new assessment window opens.Select Risk assessment, then click Next.
From the Define assessment details tab, do the following:
In the Assessment name field, enter a name for the assessment.
Tip: The assessment's name can be edited later from the assessment's Details tab if necessary.
Optionally, if you want to create the assessment from a previous one, select the Create from a previous assessment checkbox. From the Previous assessment drop-down menu, select the previous assessment.
Additionally, select the Include assignees checkbox to keep the same assignees from the previous assessment.Optionally, in the Description field, enter an overview of the assessment.
From the Evaluation priority drop-down menu, select a default priority status to apply to all evaluations in the assessment.
Click the Evaluation due date link to select a default due date to apply to all evaluations in the assessment.
Click the Default risk register for proposed risks field to select a risk register where proposed risks will be assigned when approved. If you don't select a risk register, you can select one on the proposed risk evaluation record during the evaluation process.
Under Automations - If you want the risk evaluations to go through the approval workflow, make sure that Enable approvals is toggled on. This will require approval of an evaluation before updating the risk data with evaluation data. See Configuring an approval for step-by-step approval instructions.
Note: You can add or edit approval settings on the assessment Details tab.
Click Next.
The Choose risks to evaluate tab displays.From the Choose risks to evaluate tab, select the checkboxes next to the risks you want to assess. To narrow down search results, click the Filter icon in the upper-right corner. To select all risks, select the Select all checkbox in the upper-left corner.
Evaluation records created for the selected risks are assigned by default to the assessment creator.
Note: Only the risks you have access to are shown in this list. Selected proposed risks, or risks are assigned to the assessment creator.
Tip: The ID column can be resized to display the full risk ID.
Click Next.
The Select fields to change tab displays.
Note: You can change the list of selected fields from the assessment Details tab.
From the Select fields to change tab, select one or more fields from the drop-down menu that you want to evaluate and update as you go through your assessment.
Click Create assessment.
Do one of the following:
Click Skip to forgo importing requests into the assessment.
Click Download the example CSV to import a list of requests into the assessment. Refer to Importing requests for more information.
Click Go to assessment.
You’re taken to the assessment dashboard, where you’ll find information applicable to the assessment, such as progress and timeline.
Note: If you select Linked Controls as a field when configuring a risk assessment, the mitigation fields for those controls can be evaluated, and additional controls can be linked on the Evaluation window.