Skip to content
English
Submit Support Ticket Customer portal Sign in
Knowledge Base Home
  • There are no suggestions because the search field is empty.

Requirement-Based Assessment rules

Learn how to use rules to optimize your workflow when using a Requirement-Based Assessment (RBA)

Table of contents

Rule assignment

The Rule Builder empowers users to create smart, dynamic compliance requirement-based assessments (RBAs) by defining rules that determine how custom fields behave.

These rules adapt based on the context of each compliance requirement, control, or answer, making assessments more intelligent and efficient by enabling users to configure rules that automatically guide field behavior, including when fields appear, what values they accept, and when evidence is required.

Configurable rule types

  • Show – When a field is displayed or hidden based on defined conditions.

  • Require Response For – Makes a field mandatory when specific criteria are met, ensuring a response is provided.

  • Require File Upload – Requires users to upload supporting evidence when defined conditions apply.

Why use rules?

The Rule Builder helps streamline compliance assessments by:

  • Reducing manual data entry
  • Increasing consistency across assessments
  • Preventing unnecessary work (e.g., skipping evidence requests for “Not Applicable” controls)
  • Supporting large-scale assessments without overwhelming users
  • Making assessments smarter and more context-aware

Setting up rules

Before creating rules, you must first ensure that there are response fields in the Fields tab.

Using the PCI-DSS 4.0.1 assessment template as an example, the following fields are needed.

  • Report Findings – Long text response
  • Working Notes – Long text response
  • Assessment Findings – Dropdown with response options: In Place, Not Applicable, Not Tested, Not In Place
  • Compensating Control – Dropdown with response options: Implemented, Not Implemented
  • Customized Approach – Dropdown with response options: Implemented, Not Implemented

01.23.10.2025

Once your custom fields are set up, navigate to the Rules tab and select Create rule.

Enter the rule's Name, then select + Add condition.

02.23.10.2025

Conditions are based on the fields from the requirement e.g. section, part, core, type.

In this example, the condition is set to:

  • When: Type is one of Requirement

Next, specify the actions that result when the conditions are met.

Actions are based on the fields for the assessment e.g. compliance status, implementation date, justification.

In this example, the condition is set to:

  • Show: Report Findings, Working Notes, Assessment Findings, and Compensating Controls.

    03.23.10.2025

Select Save to store your rule.

You can view, edit, or delete rule conditions at any time by returning to the Rules tab and selecting the relevant option.

04.23.10.2025

Note: If any conditions conflict, the Show rule will take precedence over the Hide rule.

When the assessment is in progress, the rules will be applied in the Response tab.

05.23.10.2025

06.23.10.2025

If you need to edit or delete a rule while the assessment is in progress, you must first move the assessment back to Draft status.

If existing data conflicts with the rule change, you will receive an on-screen prompt warning that the conflicting data will be lost.


Understanding Rule Validation Messages

When you create, update, or delete rules within an assessment, you may see validation or warning messages before saving your changes. These messages are designed to help you understand how your updates could affect existing responses.

Why am I seeing these messages?

Rules help control how responses behave in an assessment. When a rule changes, the system may need to:

  • Recalculate responses

  • Update values automatically

  • Clear responses that no longer meet the rule conditions

These changes are part of normal system behaviour. No information is removed unexpectedly — responses are simply adjusted based on the updated rules.

When will I see validation messages?

You may see a confirmation message when you:

  • Save a new rule

  • Update an existing rule

  • Delete a rule

  • Change an assessment’s status

These prompts help you confirm that you understand how responses may change.

Message examples

Saving a rule

Message:
Existing responses may be updated or cleared when this change is applied. Do you want to continue?

09.02-Screenshot 2026-02-09 110418

This appears when a new or edited rule could affect responses already entered in the assessment.

Deleting a rule

Message:
Responses set by this rule may be updated or cleared. Do you want to continue?

09.02.1-Screenshot 2026-02-09 110725

This confirms that removing a rule may change responses that were previously controlled by it.

What should I do when I see these messages?

  • Review your changes before confirming.

  • Consider whether existing responses should be recalculated.

  • If you’re unsure, you may want to review your rules or consult your team before continuing.

Validation checks when moving an assessment to In Progress

When you change an assessment’s status from Draft to In Progress, the system automatically checks how your rules work together. This helps make sure that existing responses behave as expected once the assessment becomes active.

These checks only happen when rules are enabled and may affect responses.

Why does the system check rule interactions?

Some rules depend on, or influence, other rules. Before an assessment goes live, the system reviews these relationships to identify whether:

  • Responses may be updated automatically

  • Responses may be cleared or recalculated

  • Rules could override existing answers

This process helps prevent unexpected changes after the assessment is in progress.

What happens during the validation process?

1. Confirmation before the check starts

When you move an assessment to In Progress, you’ll see a message explaining that rule interactions need to be reviewed.

09.02.3-Screenshot 2026-02-09 111613

You can choose to:

  • Continue – start the validation check

  • Cancel – keep the assessment in Draft

2. Rules are evaluated against existing responses

If you continue, the system begins checking how your rules interact with responses that already exist.

09.02-4-Screenshot 2026-02-09 111926

During this time:

  • A “Checking rule interactions” message is displayed

  • Editing is temporarily locked to prevent conflicts

  • If you try to make changes, you’ll see a message explaining that validation is still in progress

3. When the check finishes

Once the evaluation is complete, you’ll see a notification banner at the top of the screen. From here, you can review the outcome and decide whether to continue moving the assessment to In Progress.

09.02-5-Screenshot 2026-02-09 112024

You’ll always receive a completion notification — even if you navigate to another page while the check is running.

Possible outcomes

No response changes detected

09.02-6-Screenshot 2026-02-09 112144

If no responses are affected:

  • A confirmation message lets you know that no impacted records were found

  • The status change continues as normal

Rules may update responses automatically

If the system finds that rules could override existing responses:

09.02-7-7Screenshot 2026-02-09 112256

  • A dialog shows which rules are connected

  • You can review and adjust your rules before continuing

  • Or choose to proceed anyway

You’ll also receive an in-app notification when the check completes, so you don’t miss the result.

After the assessment moves to In Progress

Once the status change is complete:

  • You can edit responses normally

  • No validation errors should appear when updating responses

Validation when moving an assessment to In Progress with disabled rules

When you change an assessment’s status from Draft to In Progress, the system checks whether any rules are currently disabled. If disabled rules are found, you’ll see a message to help you decide how to proceed.

09.02-8-8Screenshot 2026-02-09 113651

This check ensures you’re aware of how disabled rules may affect your assessment before it becomes active.

When will I see this validation message?

You’ll see a message if:

  • You move an assessment from Draft to In Progress, and

  • One or more rules in the assessment are disabled

If no disabled rules exist, the status change continues as normal and no message appears.

What does the message mean?

The message simply lets you know that some rules are turned off and encourages you to review them before continuing. It avoids technical language and focuses on helping you make an informed choice.

You’ll be prompted to review the Rules tab if you want to make changes first.

Your options

When the message appears, you’ll have two actions available:

Review Rules

  • Stops the status change

  • Takes you directly to the Rules tab

  • Lets you check or update any disabled rules before continuing

Choose this option if you want to confirm your rule setup before moving forward.

Proceed Anyway

  • Continues moving the assessment to In Progress

If you continue:

  • Disabled rules will be treated the same as deleted rules

  • They won’t run or affect responses

  • They won’t be included in future rule processing for this assessment

This behaviour matches how the system handles deleted rules.

What happens if there are no disabled rules?

If all rules are active:

  • No validation message is shown

  • The assessment moves to In Progress without interruption

Editing rules or fields after a response check is completed

After a response change check has finished, you can continue working in your assessment. However, if you make certain edits, the system may need to run the cascading response check again to make sure everything stays accurate.

To help you decide how to proceed, you’ll see a confirmation message when editing actions could affect rule behaviour or responses.

09.02-9-9Screenshot 2026-02-09 114315

When will I see this message?

A validation dialog appears if you try to make changes after the response check has completed, including when you:

  • Edit an existing rule

  • Add a new rule

  • Delete a rule

  • Disable a rule

  • Add a new requirement

  • Add a new field

  • Delete a field

These actions may change how responses are calculated, so the system confirms your intent before continuing.

If no response changes were identified

09.02.10-Screenshot 2026-02-09 114457

The dialog will explain that:

  • No response changes are currently expected

  • Making edits will trigger another evaluation

  • The cascading response check will need to run again

You’ll be gently encouraged to continue without editing if no updates are necessary.

This helps avoid running additional checks when nothing has changed.

If response changes may occur

If the system has identified potential impacts:

  • The dialog clearly explains that responses may be updated or recalculated

  • You’ll see a list of rules that could be affected

  • The message explains that the cascading response check must run again if edits are made

This helps you understand exactly what might change before you continue.

What happens if I continue editing?

If you choose to proceed:

  • The system will re-run the cascading response impact check

  • Editing continues normally after validation

  • This ensures your assessment stays consistent and up to date

Additional information

All rule creation and modifications are automatically recorded in the History tab. This provides a complete audit trail, allowing users to track when rules were created, modified, or deleted, ensuring transparency and accountability throughout the assessment process.

Rules are automatically applied in below scenarios to maintain data integrity and consistency across the platform:

  • Importing assessment responses: When assessment responses are imported, all configured rules are enforced. If data is entered into fields that are hidden or marked as not applicable, the system will identify these entries and notify the assessor that such data will not be saved in the platform.

  • Reusing previous responses: Rules are also automatically applied when a user chooses to reuse previous responses. 

  • Bulk updates: During bulk updates, all applicable rules are evaluated and applied in real time. This helps prevent invalid or hidden field data from being processed, maintaining alignment with the established configuration.