Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed reference to ServiceNow


Live Search
spaceKeyZenGRCOnboardingGuide
additionalnone
placeholderSearch our site
typepage

Overview


This step allows you to add all evidence requests at once. Audit tasks and evidence requests are created in an audit by importing a template containing the required data. Then, those tasks and requests are mapped to the scoped controls.

Note
titleIMPORTANT

For this step in audit creation, it is critical that your organization already has the framework for your compliance program set up in ZenGRC. Evidence gathering is one of the prime reasons for conducting an audit, and this step assigns evidence requests for effectiveness of controls, which are scoped to your program's objectives. Although there are no constraints in the application stopping you from skipping this step, remember that requests are an integral part of an audit.




This step actually contains several sub-steps within it. They include the following activities, which are outlined on this page:

  1. Downloading the import template.

    Tip
    titleTIP

    For an external audit, use the import template to transfer information from the Document Request List (DRL), which was received from your external auditors.


    Tip
    titleTIP

    For an internal audit, use the import template to add requests and tasks you feel are pertinent to your internal compliance program. 


  2. Completing the template.
  3. Importing the template into ZenGRC.
  4. Mapping the imported requests to the scoped controls.

The Import Requests Template


ZenGRC supplies the import requests template with preformatted headings describing the information you need to enter to fulfill the audit requirements.

Anchor
downloadingthetemplate
downloadingthetemplate
Downloading the Template

To download the import requests template, complete the following step:

  1. Click click here to download it link. The CSV file will open or download in the manner specified in your browser.

Anchor
completingthetemplate
completingthetemplate
Completing the Template

For an external audit, transfer the DRL information into the import template using provided headings.

For an internal audit, add requests and tasks surrounding the audit into the import template using provided headings.



Warning
titleWARNING

Jira and ServiceNow audits have important differences in template set up that will cause errors if not set up correctly. After reviewing information on this page, please see Configuring CSV import for Jira integration or ServiceNow Integration.


The request import template contains the following fields:
  • Request - This is the type of data you are importing. The cells under this heading stay blank.
  • Title - This must be unique for every request so users can easily identify specific tasks when looking at a large amount of requests. The title limit is 250 characters. This is a required field.
  • Description - An optional field for instructions on the evidence-collection task.
  • Notes - An optional field for additional remarks.
  • Assignee - The user's email who will be fulfilling the evidence request. Make sure the email is already set up in the ZenGRC application. When a request is assigned or when comments are added to the request, the assignee receives notifications. This is a required field.

  • Reviewers - An optional field for a review prior to the verifier, who accepts or rejects the evidence.
  • Verifier - An optional field for who should verify this evidence request. Fill in the user's email. Make sure this user has an account with this email in ZenGRC. Users receive email notifications when the assignee submits evidence or when there are new comments.

  • Starts On - A required date field for when the request starts. If empty, the application posts a warning and will fill in the blank with the date the template is uploaded. The format should be MM/DD/YYYY. This is a required field.

  • Due On - A date field for when the request is due. The format should be MM/DD/YYYY. ZenGRC uses this data for overdue calculations and warnings.

Note
titleIMPORTANT

Save this file with a CSV extension to your local machine for easy import. 


Info
titleNOTE

For more information on formatting import data, please see Data Import

Anchor
importingthetemplate
importingthetemplate
Importing the Template



To import the template containing audit requests, complete the following steps:

  1. Click Choose CSV to Import Requests.
  2. Select the template saved in the previous section.
  3. Click Open. The application displays a message with import information.


     

  4. Click Import Requests. Alternatively, click Cancel if there are errors to correct.
  5. Click Next.

    Info
    titleNOTE

    To continue this step and map requests, please see Mapping Requests to Scoped Controls.


Anchor
mappingrequeststocontrols
mappingrequeststocontrols
Mapping Requests to Scoped Controls


Info
titleNOTE

If you are creating a Jira audit, requests cannot be mapped to controls. When imported, the request details display with no action available. Click Next to continue to the next step. For more information, please see Creating a Jira Audit.


Once you have imported requests, the page displays to map them to audit controls.



The page for mapping requests to an audit is comprised of three columns as follows:

  • In-Scope Controls – These are controls scoped to the audit in the second step. 

    Tip
    titleTIP

    A red box with a “0” indicates that the control has no associated requests and needs attention.


  • Requests Mapped to the Control – This contains all requests mapped to the in-scope control. The column is blank when the page is initially accessed since the imported requests have not yet been mapped.
  • Requests to Map – These are requests added to the template and imported for the audit. Any imported request can be mapped to any control within the audit.

Info
titleNOTE

Additional requests can be imported from the Audits module during an audit.

Mapping Requests

To map requests to a scoped control, complete the following steps:

  1. Select a control in the In-Scope Controls column. 

    Tip
    titleTIP

    Selecting a control displays all mapped and unmapped requests to that specific control.




  2. Click the plus button on a request in the Requests to Map column.



  3. The request moves to the Requests Mapped to the Control column and is now scoped to the control.



  4. Continue until all appropriate requests are mapped to the control.
  5. Select another control in the In-Scope Controls column and repeat the process.
     
Info
titleNOTE

Once all requests are mapped to the controls, you can finish this step. Please see Completing the Step.

Removing Requests

To remove requests from a scoped control, complete the following steps:

  1. Select a control in the In-Scope Controls column. This displays all associated controls.



  2. In the Requests Mapped to the Control column, click the minus button beside the control to be removed.
  3. The request is removed from the control and added to the Requests to Map column.

Displaying Descriptions

To read descriptions of any control or request displayed, complete the following steps:

  1. Select an objective in the In-Scope Controls column.
  2. Click the Details link. The description displays and the link says Hide Details.



  3. Alternatively, click Hide Details to remove the description from display.

Anchor
completethestep
completethestep
Completing the Step




The step is ready for completion after requests have been imported and then mapped to scoped controls.

To complete this step and continue to the review, complete the following:

  1. Click Next. The Review page displays.

    Info
    titleNOTE
    Continue to the next section - Step 5: Reviewing and Starting the Audit.