Requirement-Based Assessment Rules

Learn how to use rules to optimize your workflow when using a requirement-based assessments (RBA)

Table of contents

• Rule assignment
  • Configurable rule types
  • Why use rules?
• Setting up rules
• Additional information

Rules assignment

The Rule Builder empowers users to create smart, dynamic compliance requirement-based assessments (RBAs) by defining rules that determine how custom fields behave.

These rules adapt based on the context of each compliance requirement, control, or answer, making assessments more intelligent and efficient by enabling users to configure rules that automatically guide field behavior, including when fields appear, what values they accept, and when evidence is required.

Configurable rule types

The Rule Builder allows configuration of:

• Display conditions – control when a field is shown or hidden
• Conditional value logic – dynamically set or restrict field values (coming soon)
• Evidence requirements – determine when evidence uploads are mandatory (coming soon)
• Skip logic – skip questions or fields based on conditions (coming soon)

Why use rules?

The Rule Builder helps streamline compliance assessments by:

• Reducing manual data entry
• Increasing consistency across assessments
• Preventing unnecessary work (e.g., skipping evidence requests for “Not Applicable” controls)
• Supporting large-scale assessments without overwhelming users
• Making assessments smarter and more context-aware

Setting up rules

Before creating rules, you must first ensure that there are response fields in the Fields tab.

Using the PCI-DSS 4.0.1 assessment template as an example, the following fields are needed.

Report Findings – Long text response

Working Notes – Long text response

Assessment Findings – Dropdown with response options: In Place, Not Applicable, Not Tested, Not In Place

Compensating Control – Dropdown with response options: Implemented, Not Implemented

Customized Approach – Dropdown with response options: Implemented, Not Implemented

Once your custom fields are set up, navigate to the Rules tab and select Create rule.

Enter the rule's Name, then select + Add condition.

In this example, the condition is set to:

• When: Type is one of Requirement

Next, specify the actions that result when the conditions are met.

In this example, the condition is set to:

• Show: Report Findings, Working Notes, Assessment Findings, and Compensating Controls.

  

Select Save to store your rule.

You can view, edit, or delete rule conditions at any time by returning to the Rules tab and selecting the relevant option.

When the assessment is in progress, the rules will be applied in the Response tab.

If you need to edit or delete a rule while the assessment is in progress, you must first move the assessment back to Draft status.

Additional information

All rule creation and modifications are automatically recorded in the History tab. This provides a complete audit trail, allowing users to track when rules were created, modified, or deleted, ensuring transparency and accountability throughout the assessment process.

Rules are automatically applied in below scenarios to maintain data integrity and consistency across the platform:

• Importing assessment responses: When assessment responses are imported, all configured rules are enforced. If data is entered into fields that are hidden or marked as not applicable, the system will identify these entries and notify the assessor that such data will not be saved in the platform.

• Reusing previous responses: Rules are also automatically applied when a user chooses to reuse previous responses. 

• Bulk updates: During bulk updates, all applicable rules are evaluated and applied in real time. This helps prevent invalid or hidden field data from being processed, maintaining alignment with the established configuration.