Live Search spaceKey ZenGRCOnboardingGuide additional none placeholder Search our site type page
Overview
This step allows you to add all evidence requests at once. Audit tasks and evidence requests are created in an audit by importing a template containing the required data. Then, those tasks and requests are mapped to the scoped controls.
| Note | ||
|---|---|---|
| ||
For this step in audit creation, it is critical that your organization already has the framework for your compliance program set up in ZenGRC. Evidence gathering is one of the prime reasons for conducting an audit, and this step assigns evidence requests for effectiveness of controls, which are scoped to your program's objectives. Although there are no constraints in the application stopping you from skipping this step, remember that requests are an integral part of an audit. |
This step actually contains several sub-steps within it. They include the following activities, which are outlined on this page:
Downloading the import template.
Tip title TIP For an external audit, use the import template to transfer information from the Document Request List (DRL), which was received from your external auditors.
Tip title TIP For an internal audit, use the import template to add requests and tasks you feel are pertinent to your internal compliance program.
- Completing the template.
- Importing the template into ZenGRC.
- Mapping the imported requests to the scoped controls.
The Import Requests Template
ZenGRC supplies the import requests template with preformatted headings describing the information you need to enter to fulfill the audit requirements.
| Warning | ||
|---|---|---|
| ||
Jira audits have several important differences in template creation. For more information, please see Configuring CSV import for Jira integration. |
| Anchor | ||||
|---|---|---|---|---|
|
To download the import requests template, complete the following step:
- Click click here to download it link. The CSV file will open or download in the manner specified in your browser.
| Anchor | ||||
|---|---|---|---|---|
|
For an external audit, transfer the DRL information into the import template using provided headings.
For an internal audit, add requests and tasks surrounding the audit into the import template using provided headings.
| Note | ||
|---|---|---|
| ||
If your organization has configured ZenGRC to communicate with Jira or ServiceNow, review those instructions for completing the requests template. Please see Creating a Jira Audit or ServiceNow Integration. |
The request import template contains the following fields:
- Request - This is the type of data you are importing. The cells under this heading stay blank.
- Title - This must be unique for every request so users can easily identify specific tasks when looking at a large amount of requests. The title limit is 250 characters. This is a required field.
- Description - An optional field for instructions on the evidence-collection task.
- Notes - An optional field for additional remarks.
Assignee - The user's email who will be fulfilling the evidence request. Make sure the email is already set up in the ZenGRC application. When a request is assigned or when comments are added to the request, the assignee receives notifications. This is a required field.
- Reviewers - An optional field for a review prior to the verifier, who accepts or rejects the evidence.
Verifier - An optional field for who should verify this evidence request. Fill in the user's email. Make sure this user has an account with this email in ZenGRC. Users receive email notifications when the assignee submits evidence or when there are new comments.
Starts On - A required date field for when the request starts. If empty, the application posts a warning and will fill in the blank with the date the template is uploaded. The format should be MM/DD/YYYY. This is a required field.
- Due On - A date field for when the request is due. The format should be MM/DD/YYYY. ZenGRC uses this data for overdue calculations and warnings.
| Note | ||
|---|---|---|
| ||
Save this file with a CSV extension to your local machine for easy import. |
| Info | ||
|---|---|---|
| ||
For more information on formatting import data, please see Data Import. |
| Anchor | ||||
|---|---|---|---|---|
|
To import the template containing audit requests, complete the following steps:
- Click Choose CSV to Import Requests.
- Select the template saved in the previous section.
Click Open. The application displays a message with import information.
- Click Import Requests. Alternatively, click Cancel if there are errors to correct.
Click Next.
Info title NOTE To continue this step and map requests, please see Mapping Requests to Scoped Controls.
| Anchor | ||||
|---|---|---|---|---|
|
| Info | ||
|---|---|---|
| ||
If you are creating a Jira audit, requests cannot be mapped to controls. When imported, the requests display with no action available. Click Next to continue to the next step. For more information, please see Creating a Jira Audit. |
Once you have imported requests, the page displays to map them to audit controls.
The page for mapping requests to an audit is comprised of three columns as follows:
In-Scope Controls – These are controls scoped to the audit in the second step.
Tip title TIP A red box with a “0” indicates that the control has no associated requests and needs attention.
- Requests Mapped to the Control – This contains all requests mapped to the in-scope control. The column is blank when the page is initially accessed since the imported requests have not yet been mapped.
Requests to Map – These are requests added to the template and imported for the audit. Any imported request can be mapped to any control within the audit.
| Info | ||
|---|---|---|
| ||
Additional requests can be imported from the Audits module during an audit. |
Mapping Requests
To map requests to a scoped control, complete the following steps:
Select a control in the In-Scope Controls column.
Tip title TIP Selecting a control displays all mapped and unmapped requests to that specific control.
- Click the plus button on a request in the Requests to Map column.
- The request moves to the Requests Mapped to the Control column and is now scoped to the control.
- Continue until all appropriate requests are mapped to the control.
- Select another control in the In-Scope Controls column and repeat the process.
| Info | ||
|---|---|---|
| ||
Once all requests are mapped to the controls, you can finish this step. Please see Completing the Step. |
Removing Requests
To remove requests from a scoped control, complete the following steps:
- Select a control in the In-Scope Controls column. This displays all associated controls.
- In the Requests Mapped to the Control column, click the minus button beside the control to be removed.
- The request is removed from the control and added to the Requests to Map column.
Displaying Descriptions
To read descriptions of any control or request displayed, complete the following steps:
- Select an objective in the In-Scope Controls column.
- Click the Details link. The description displays and the link says Hide Details.
- Alternatively, click Hide Details to remove the description from display.
| Anchor | ||||
|---|---|---|---|---|
|
The step is ready for completion after requests have been imported and then mapped to scoped controls.
To complete this step and continue to the review, complete the following:
Click Next. The Review page displays.
Info title NOTE Continue to the next section - Step 5: Reviewing and Starting the Audit.