Define which requirements are out of scope
Once you have created your Requirements Based Assessment (RBA), the next step is to exclude the Provisions/Controls that are out of scope of the assessment. To do this, you can use filters. The filters that you can apply depend on the control set or authority you are using in the RBA. If you are using a control set, you can search for controls, as well as filter by control set domain. If you are using an authority document, the filters allow you to filter on any category/section/field of the authority document.
In this example, we are using the ISO 27001 Annex A authority. For this authority, you can filter on Section (1) and Sub-Section (2). Further, if you select More Filters (3), you can search across Control Objective (4) and Description (5).
If you apply a filter, the list of provisions will be updated accordingly.
To exclude provisions or controls from the assessment, simply select the provisions/controls you want to remove by checking the box next to the name of the provision/control. Using the filters, you can easily find the provisions you want to exclude.
To exclude the provisions/controls, click Exclude.
Once you have clicked Exclude, the provisions/controls will be removed from the assessment.
Re-adding Provisions and Controls
To re-add provisions and controls, click the + Add Provisions/Controls button at the bottom of the screen.
The Add Provision/Control side panel will appear with the Excluded filter selected. To re-add the provisions or controls, click the Add button next to the name of the Provision/Control.
After clicking the Add button, the Provisions/Controls will be re-added to the assessment.
The number of selected requirements that will be assessed is displayed on the main side panel screen.