General Assessment of the Control
This option allows your company to have a general assessment of controls within the management system. This assessment can be used and copied in all risk analyses that have been configured. In this way, organizations could have a central repository of controls and could be associated with the different analysis of different areas without needing to be assessed again.
To access it, when you click on the Control Management option, a higher menu is enabled with two options, by clicking on the General Assessment option you will access to the list of controls assessments of the organization.
With this option you can have a common controls repository, but different assessments in this way each assessment can be associated to the risk analysis where will be necessary.
These are the options you can perform:
New: Create new assessment to be able to copy it to the risk analysis. To create risk assessments, it is necessary to select the methodology to carry out this assessment, for this reason, when clicking on the new button, a pop-up window will open with the methodologies defined in 'Administration - Analysis Methodology - Controls Methodology'.
Remove: Remove assessment from controls that are no longer used.
Clicking on the link in the Assessment list will access to the screen where the controls will be assessed.
In the upper part of the screen we have the following fields:
Name: Name that identifies the assessment.
Metodology: Label to show the control methodology that is being used.
Creation Date: Date of the assessment.
Supervisor: Supervisor of the assessment. By Clicking on the red button will open a pop-up window with the employees defined in the Management - Employees option.
Create version: If this option is checked, whenever the established assessment is applied, a version will be created for not losing the data of the risk analysis.
To start creating controls to perform the assessment, you have the following options:
Botton new: This action will create a manual button to change the name and modify the assessment.
Recovery Controls - From Analysis: By Clicking on this button GlobalSUITE will open a window with the analysis where the methodology defined for the assessment is used. When opened, the analysis will be shown and the controls used will be shown in the analysis. By clicking on the column on the left, the controls will be automatically associated. If you click on the analysis, all the controls that belong to the analysis will be marked, this option avoids having to go one at a time.
Recovery Controls - From Catalog: By clicking on this button GlobalSUITE will open a window with the catalogs associated with the analysis where the control methodology is used. When it is opened, the catalogs and the controls will be shown in the catalogs. By clicking on the column on the left, the controls will be automatically associated. If you click on the catalog all the controls that belong to this catalog will be marked, this option avoids having to go one at a time.
Once the controls that are going to be associated with the methodology have been selected, these controls can be assessed. The difference between retrieving controls from the analysis or controls in the catalog is that if you already have an analysis with the assessed controls, when you relate it from the analysis, these controls will be copied with the assessment they already have. If on the other hand you want to start a assessment from scratch you have to import controls from the catalog.
Once the controls have been added, you can modify the dimensions of controls by clicking twice on the cell you want to modify.
In addition to these options to add controls we have the following options:
Remove: If a control is not necessary in the assessment, it will be selected in the table (by clicking on the control) and the Remove button will be clicked.
Clean: If a control has a assessment and you want to eliminate these assessments without removing the control, it will be selected in the table (clicking on the control) and the button will be clicked, it will remove all the information that contains the control, except the column First name.
Apply: Once all the controls have been assessed this button will be clicked on to copy the data to the analysis. Moving the mouse through this button will open two options
Apply all dimensions: All control information will be copied without differentiating whether the cell is empty or complete.
All controls: The information will be copied to all the selected controls, even if these controls already have data. In this case, these data will be replaced by the new ones.
Controls without assess: The information will be copied only in the controls that do not have data and GlobalSUITEwill not make any modification in the controls that have any dimension or attribute already assessed.
Apply Assessed dimensions: Only the dimensions of controls that contain data will be copied, obviating the empty dimensions.
All controls: The information will be copied to all the selected controls, even if these controls already have data. In this case, these data will be replaced by the new ones.
Controls without assess: The information will be copied only in the controls that do not have data and GlobalSUITE will not make any modification in the controls that have any dimension or attribute already assessed.
In order to apply these dimensions, you have to select the controls you want to copy by selecting them in the left column. The copy will be made only on the selected controls. If you want to select everything, click on the header of the first column to avoid going one by one.
Once the Apply button is clicked, taking into account what controls you want to apply the evaluation of this assessment, a pop-up window will open with all analysis where this methodology is used, by clicking on the left column a confirmation message will appear to be able to modify the risk analysis. The data of the risk analysis will be modified, if you do not have the option of Create Version, the old data will not be visible.
NOTE: In order for GlobalSUITE to correctly identify the controls, a comparison will be made between the name of the control in the assessment and the name of the control in the analysis. Therefore, the names must match in order to make the copy correctly.
Finally, this table will have the same functions as the rest of the GlobalSUITE tables, you can hide or show columns by clicking on the header of the table with the right button and you can select these columns. In addition, you can consult the information of the table by the selected column by clicking on the head of the column with the left mouse button. If you need to identify control of the table and the rest of controls that do not comply with this attribute.
In the image you can view the table using the filter and the menu of the columns opened for configuring the view.