The power of the Authority mapping comes to life with reporting.
Head to the Reporting Module and select Authority to Assessment Mapping report.
You'll need to select an Authority that you've mapped target Authorities to, as well as an Assessment Template that is mapped to the Authority.
This report shows the following:
Assessment Compliance Chart
This chart displays the number of risks (or weighting) in each Authority section/category (name changes depending on Authority) based on the completed Assessments created from the selected Assessment Template.
Assessment Compliance Table
The table shows all the Provisions in the Authority and the Risk rating that comes from the mapped Assessment response.
You can see below that there are two Assessments that have been conducted using the Assessment Template.
You'll notice in the image above that the Total displays the lowest value, this is because in the filter options, the Roll-up method selected is Min. You can select:
- Min - the minimum risk (or weighting)
- Average - the average risk (or weighting)
- Max - the maximum right (or weighting)
These will change the values displayed in the Total and Assessment Columns respectively.
The Assessment Column values will change if there is more than one question mapped to the Provision in the Assessment.
There are a series of other filters including Third-Party, and Assessment.
Pivoting Results Using Authority Mappings
If the Authority you have selected is mapped to one or more target Authorities, you can view the results of Assessment with respect to any mapped target Authority using the Related Authorities box.
Select an Authority and the Assessment Results in the chart and table will be displayed relative to the Provisions of the selected Authority.
This allows you to view your level of compliance on an Authority that is mapped to an Authority you have run a Compliance Assessment with.
You can return to the source Authority by clicking on the Remove button above the Authority name, or by unselecting the Authority in the Related Authorities box.
The Related Authorities box gives you an overview of how many source Provisions (in this example ISO/IEC 27001:2013 Annex A) match the mapped target Provisions, as well as the percentage of source Provisions that are matched with a target Provision.
To learn about Hailey mapping, head here.
To learn about manual mapping, head here.