Learn how to create Requirement-Based Assessments (RBAs) and templates
Requirement-Based Assessments (RBAs) allow organizations to assess compliance against authority documents or internal controls.
By adding customizable fields to requirements, organizations can adjust the assessment criteria to suit their business needs.
You can define the scope of the assessment within its description (Overview) and by the other GRC objects you link to this assessment (Linked Data).
Start with navigating to Audits & assessments and clicking on Create assessment.
Select Requirement Based.
Table of contents:
- Starting from scratch
- Creating an assessment using a template
- Creating assessment templates
- Defining assessment scope and linking data
Starting from scratch
To create an RBA from scratch, go to the Start from scratch tab.
Fill in the following fields:
- Name: A unique name for the assessment
- Authority/Control Set: Select either a control set or an authority document to set the requirements against which the assessment will be conducted
- Respondent: Define whether the respondent for the assessment will be internal or external
- Product: Assign a product for the assessment. This field is optional and is used for grouping assessments.
Click Create to create the assessment. Alternatively, you can save as template which will create the assessment and save it as a template so you can reuse it for future assessments.
If you are creating a template, Respondent is optional.
Your next step may be:
- defining requirements that are out of scope,
- defining fields to assess the requirements against, or
- adding documents, notes, or guidance to your requirements.
Creating an assessment using a template
You can also create an RBA based on a template, a previously-run assessment, or a template added from the 6clicks Content Library.
In the Select from template tab, Find the template or previous assessment that you want to base your RBA on by using the search bar or the filters. Click Next to continue.
With the rest of the fields already pre-filled, you can give the assessment a new Name, and define its Respondent and Product.
Click Create.
Your next step may be:
- defining requirements that are out of scope,
- defining fields to assess the requirements against, or
- adding documents, notes, or guidance to your requirements.
Creating assessment templates
To create a new assessment template, simply follow the same steps for creating an assessment.
Once you have completed the necessary details, click Save as template instead of Create.
Your next step may be:
- defining requirements that are out of scope,
- defining fields to assess the requirements against, or
- adding documents, notes, or guidance to your requirements.
Defining assessment scope and linking data
Once you have created your assessment or assessment template, you can use the description field in the Overview side panel to define the scope of your assessment, describing the boundaries of what will be evaluated, including relevant areas, controls, requirements, or processes, and to explain how the results will be analyzed.
You can also define the scope of the assessment by linking it to other objects such as assets, risks, issues and incidents and control sets in the Linked Data area to associate this assessment with different objects in 6clicks. To do so, click on Linked Data, and either select a current link type or click on Add Data to add an additional linked data type and to select specific objects to link to this assessment.
Refining the assessment scope with the description and the linked data provides a more complete view of how the assessment connects to all the GRC data.