Assessments#

Assessments track the implementation status of controls. They support a collaborative workflow between auditors and implementers.

Assessment Types#

TypePurposeSource
Document AssessmentAssess all controls in a documentAny control set
Gap AssessmentAssess only unmapped controlsCreated from a mapping

Creating an Assessment#

Document Assessment#

  1. Navigate to AssessmentsNew Assessment
  2. Select Document as the type
  3. Choose the control set to assess
  4. Name your assessment
  5. Optionally set a due date

Gap Assessment#

  1. Open a Mapping with gaps (unmapped controls)
  2. Click Create Gap Assessment
  3. Name your assessment
  4. Only the unmapped controls will be included
Gap assessments are linked to their source mapping, allowing you to fill gaps once controls are approved.

Assessment Workflow#

┌─────────────┐     ┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│  Unassigned │ ──▶ │  Assigned   │ ──▶ │  Answered   │ ──▶ │  Approved   │
└─────────────┘     └─────────────┘     └─────────────┘     └─────────────┘
     │                    │                   │                    │
     │                    │                   │                    ▼
     │                    │                   │              ┌───────────┐
     │                    │                   └──────────────│  Revision │
     │                    │                        ◀─────────│ Requested │
     │                    │                                  └───────────┘
     Auditor            Auditor            Implementer          Auditor

1. Assign Controls (Auditor)#

Auditors assign controls to implementers:

  1. Open the assessment
  2. Click on a control to expand it
  3. Select one or more assignees
  4. The implementer receives the assignment

2. Answer Controls (Implementer)#

Implementers provide implementation status:

  1. Open My Assignments or the assessment directly
  2. For each assigned control, select a status:
    • Implemented — Fully implemented
    • Partially Implemented — Work in progress
    • Not Implemented — Not yet started
    • Not Applicable — Control doesn’t apply
  3. Add implementation notes/evidence
  4. Submit the answer

3. Review Answers (Auditor)#

Auditors review submitted answers:

  • Approve — Accept the response, adds to knowledge base
  • Request Revision — Send back with feedback for the implementer

Filling Mapping Gaps#

For gap assessments, once controls are approved, you can fill the gaps in the original mapping:

  1. Open the gap assessment
  2. Ensure at least one control is approved
  3. Click Fill Gaps
  4. Confirm the action

This will:

  • Create an implementation document (if not already created)
  • Add the implementation document as a target in the mapping
  • Link each approved control to its implementation evidence
  • Update the mapping’s coverage
Fill Gaps uses the approved answers to create implementation evidence. Make sure answers include sufficient detail.

Progress Tracking#

The assessment view shows:

  • Progress bar — Percentage of answered controls
  • Filter tabs — View by status (unanswered, answered, approved, revision requested)
  • Search — Find specific controls

Best Practices#

  1. Use descriptive notes — Implementation evidence should explain how the control is addressed
  2. Request revisions early — Don’t approve incomplete answers
  3. Fill gaps promptly — Keep mappings up to date with implementation status
  4. Review regularly — Revisit assessments to track ongoing compliance
Backward Mappings Troubleshooting Forward