Surveys of Items, Risks and Controls
Survey actions
Depending on the configuration and the survey model used, the survey will display several buttons in the header of the form:
Save: It allows to store the changes made in the survey. When you click on the button, it's checked that all the dimensions marked as mandatory in the model are completed.
Move to:
Previous Status: It allows to pass the survey to the immediately previous configured state, and assign it to the person in charge of said state. This button is only displayed if the status is set to "Return back" to Yes.
Next Status: It allows the survey to be passed to the immediately subsequent configured state, and assigned to the person in charge of said state. This button is only displayed if the status is set to "Automatic" to Yes.
Finish: This button is displayed when there are no configured states, or it is in the last state of the flow, and the possibility of "Consolidate the last status" is not activated.
Finish without consolidating: This button is displayed when you are in the last state of the flow, and the "Consolidate the last status" setting in the survey model is checked. This button allows you to end the survey without applying the changes to the risk analysis.
Finish and Consolidate: This button is displayed when you are in the last state of the flow, and the "Consolidate the last status" setting in the survey model is checked. When you click on the button, the survey is completed, and all the information created or modified in the survey is applied in the risk analysis.
Consolidate: This button is displayed when a survey has already been completed (the "Finish without Consolidating" button has been clicked on), and the "Consolidate the last status" setting in the survey model is marked. When you clicked on the button, all the information created or modified in the survey is applied in the risk analysis.
Back: It allows to leave the survey, and return to the general list of surveys.
Export: By clicking on this button, a report is generated and downloaded in .xlsx format with all the information of the survey regarding items, risks and controls and their evaluations at a given time.
Notify Supervisor: It allows you to send an alert or reminder by email to the person responsible for the survey.
Calculate Risk Analysis: This button allows you to calculate the automatic dimensions of the methodology, from the manual dimensions. This button will only appear if it has been configured in this way in the survey model. Otherwise, the dimensions will be updated directly after each change of the manuals.
Survey information
This section allows the user to view the methodologies and dimensions (Inventory, Risk Analysis and/or Controls Management) based on which the survey of Item, Risks and/or Controls will be performed.
Survey general data
You can define the following information:
Name: It allows you to define the survey name.
Type: It indicate the model type of the survey.
Department: It allows you to identify the department name on which the results have been obtained.
Supervisor: It offers the possibility of identifying the survey supervisor from the employees list
Other supervisor: It identifies other supervisor which is not active/inscribe in the platform. This field will not be displayed when the survey configuration has states and responsible for each one, since they will be inserted automatically.
Email: It has the possibility of including the email account for any notification..
Date: It indicates the date for conducting the survey.
Survey
The current option allows the user to assess the items and risks which have been defined in the section 'Management/Configure Surveys'. The platform offers the possibility of assessing the following parameters:
Nota: Depending on the type of survey (items, risks, controls), it will be displayed different tables.
Item Table
This table allows you to assess the dimensions of the items which have been defined in the section 'Management/Configure Surveys'. For this you have to select the specific item from the table that is located on the left and to assess the established dimensions on the right table. If the user wants to include new items, it can insert new elements clicking on the ‘Add’ button located on the ‘Item Table’.
NOTE: If the survey has been configured with the “Table Format”, it will not display the questions of the right part and performing the assessment on the items table directly.
Risk Table
The risk table allows the user to assess risks of the items selected in the item top table and previously defined in the section 'Management/Configure Surveys'. For this task, you have to select the item of the top table, select the specific risk of the left table and assess the dimensions established on the right table. If the user wants to include other risks in the survey it's possible to insert new elements clicking on the 'Add' button located on the ‘Risk’ table. In case you want to use the catalog of parametrized risks of the platform, you have to click on the button 'Recover Threats' located in the items Table for selecting the risks you want from the catalog.
NOTE: If the survey has not configured with the “Table” format, it will not display questions of the right part and and performing the assessment on the risk table directly.
Table of Controls
According to the survey is about control or risks and controls, the table of controls is shown differently in each case. For the case of a controls survey, the table is shown as follows:
The Table of Controls allows you to assess the dimension of the controls you have selected in the ‘Management/Configure Surveys’ section. For this task you have to perform the specific changes on the table of controls. If the user wants to include controls that are not included in the survey, it can insert new elements clicking on the ‘Add’ button located on the Table of Controls. For the case of the Survey of Risks and Controls, the table is displayed as follows:
For accessing to the table of controls it’s necessary to select previously the identified risks. For this task you have to select the specific item of the top table, select the risk on the left table and assess the controls located in the right table. If the user wants to include controls that are not included in the survey, it can insert new items clicking on the ‘Add’ button located on the Table of Controls. These controls will appear in green, indicating that they are controls incorporated in the survey. Additionally, the items, risks or controls that have been modified in the survey will be highlighted in yellow. In addition, the upper entity will also be highlighted in yellow. For example, if a risk is modified, the item to which it belongs will be also highlighted, which makes it easier to identify the changes made to the survey.
For the case of a survey of items and controls, the table is displayed as follows:
To access to the control table it's necessary to select in the table above the item from which to identify or evaluate controls. To include new controls (identified with a green background), you have to click on the "Add" button, while if you want to dissassociate a control from an item you have to click on "Remove" button. To assess the dimensions of the controls, select a control and click on "Assess Dimensions".
In addition, if Controls Evidence have been included in the survey , when you select a control, the associated Evidence will be loaded in the table below, and you can create new Evidence associated to the control, to reuse one of those already in the survey, or to incorporate Files attached to them.
Also, if you have included Actions of the controls in the survey, when you select a control, the actions associated with it will be loaded in the lower table, being able to create new actions or modify the existing ones.
Survey monitoring
It allows you to perform a survey monitoring, allowing any comment or observation on it. The changes, which are made in a survey, are recorded automatically.
In published surveys that have been completed anonymously (via link), it is possible to send the follow-up to the supervisor for the publication. To do this, it is necessary to select the desired monitoring and click on the "Send to the Supervisor" button.