Live Search spaceKey ZenGRCOnboardingGuide additional none placeholder Search our site type page
Overview
This step allows you to add all evidence requests at once. Audit tasks and evidence requests are created in an audit by importing a template containing the required data. Then, those tasks and requests are mapped to the scoped controls.
| Note | ||
|---|---|---|
| ||
For this step in audit creation, it is critical that your organization already has the framework for your compliance program set up in ZenGRC. Evidence gathering is one of the prime reasons for conducting an audit, and this step assigns evidence requests for effectiveness of controls, which are scoped to your program's objectives. Although there are no constraints in the application stopping you from skipping this step, remember that requests are an integral part of an audit. |
This step actually contains several sub-steps within it. They include the following activities, which are outlined on this page:
Downloading the import template.
Tip title TIP For an external audit, use the import template to transfer information from the Document Request List (DRL), which was received from your external auditors.
Tip title TIP For an internal audit, use the import template to add requests and tasks you feel evidence requests for controls that are pertinent to your internal compliance program.
- Completing the template.
- Importing the template into ZenGRC.
- Mapping the imported requests to the scoped available controls.
The Import Requests Template
ZenGRC supplies the import requests template with preformatted headings describing the information you need to enter to fulfill the audit requirements.
| Warning | ||
|---|---|---|
| ||
Jira audits have several important differences in template creation. For more information, please see Configuring CSV import for Jira integration. |
pre-formatted headings that correspond to request fields.
| Anchor | ||||
|---|---|---|---|---|
|
To download the import requests template, complete the following step:
- Click click here to download it link. The CSV file will open or download in the manner specified in your browser.
| Anchor | ||||
|---|---|---|---|---|
|
For an external audit, transfer the DRL information into the import template using provided headings.
For an internal audit, add requests and tasks Add requests surrounding the audit into the import template using provided headings.
| Notewarning | ||
|---|---|---|
| ||
If your organization has configured ZenGRC to communicate with Jira or ServiceNow, review those instructions for completing the requests template. Please see Creating a Jira Audit or ServiceNow Integration. |
| |
The request template for Jira audits have important differences that will cause errors if not set up correctly. After reviewing information on this page, please see Configuring CSV Import for the Jira Connector. |
The request import template contains the following fields:
- Request - This is the type of data you are importing. The cells under this heading stay blank.
- Title - This must be unique for every request so users can easily identify specific tasks when looking at a large amount of requests. The title limit is 250 characters. This is a required field.
- Description - An optional field for instructions on the evidence-collection task.
- Notes - An optional field for additional remarks.
Assignee - The user's email who will be fulfilling the evidence request. Make sure the email is already set up in the ZenGRC application. When a request is assigned or when comments are added to the request, the assignee receives notifications. This is a required field.
- Reviewers - An optional field for a review reviewer who accepts or rejects the evidence prior to the verifier, who accepts or rejects the evidence. Fill in the user's email.
Verifier - An optional field for who should verify the user who has the final review of this evidence request. Fill in the user's email. Make sure this user has an account with this email in ZenGRC. Users receive email notifications when the assignee submits evidence or when there are new comments.
Starts On - A required date field for when the request starts. If empty, the application posts a warning and will fill in the blank with the date the template is uploaded. The format should be MM/DD/YYYY. This is a required field.
- Due On - A date field for when the request is due. The format should be MM/DD/YYYY. ZenGRC uses this data for overdue calculations and warnings.
| Note | ||
|---|---|---|
| ||
Save this file in UTF-8 format with a CSV extension to your local machine for easy import. |
| Info | ||
|---|---|---|
| ||
For more information on formatting import data, please see Data Import. |
| Anchor | ||||
|---|---|---|---|---|
|
To import the template containing your audit requests, complete the following steps:
- Click Choose CSV to Import Requests.
- Select the template saved in the previous section.
Click Open. The application displays a message with import information.
- Click Import Requests. Alternatively, click Cancel if there are errors to correct.
- Click Next.
Info title NOTE Now follow the instructions under Importing a Template in Data Import.
Info title NOTE After importing requests, please see Mapping Requests to Available Controls.
Adding Individual Requests
On First Access to the Page
On first visit to the Step 3. Requests tab, if you want to create and add requests individually, complete the following:
- Click Add Requests Individually.
- The form for creating a new request displays.
- Once saved, the request will display in the mapper to add to controls.
After Importing Requests
After importing requests, but prior to activating the audit, you can still add requests manually by doing the following:
- Click + Add More Requests at the bottom of the page.
- This displays the page shown in the screenshot under the Overview section of this documentation where you can import a spreadsheet or create requests individually.
| Anchor | ||||
|---|---|---|---|---|
|
Available Controls
| Info | ||
|---|---|---|
| ||
If you are creating a Jira ServiceNow audit, requests cannot be mapped to controls. When imported, the requests request details display with no action available. Click Next to continue to the next step. For more information, please see Creating a Jira ServiceNow-Managed Audit. |
Once you have imported requests, the page displays to map them to audit controls.
The page for mapping requests to an audit is It is comprised of three columns as follows:
title TIPIn-Scope Available Controls – These are controls scoped to the audit in the second step Step 2. Scope.
Tip A red box with a “0” indicates that the control has no associated requests and needs attention.
- Requests Mapped to the Control Requests Mapped – This contains all requests mapped to the in-scope selected control. The column is blank when the page is initially accessed since the imported requests have not yet been mapped.
Requests to Map Available Requests – These are requests added to the template and imported for the audit. Any imported request can be mapped to any control within the audit.
| Info | ||
|---|---|---|
| ||
Additional After the audit is activated, additional requests can be imported from within the Audits module during an audit. |
Mapping Requests
To map requests to a scoped control, complete the following steps:
Select a control in the In-Scope Available Controls column.
Tip title TIP Selecting a control displays all mapped and unmapped requests to that specific control.
Click the plus button on
- Select a check box next to a request in the Available Requests column. This activates the Map Requests button.
- Alternatively, select the Select All check box to Map columnchoose all requests in the column.
- Click Map Requests.
- The request moves to the Requests Mapped to the Control Mapped column and is now scoped mapped to the control.
- Continue until all appropriate requests are mapped to the control.
- Select another control in the In-Scope Available Controls column and repeat the process.
| Info | ||
|---|---|---|
| ||
Once all requests are mapped to the controls, you can finish this step. Please see Completing the Step. |
Unmapping Requests
To remove requests from a scoped control, complete the following steps:
- Select a control in the In-Scope Available Controls column. This displays all associated controlsrequests.
- In the Requests Mapped to the Control column, click the minus button beside the control to be removed.
- Select a check box next to a request in the Requests Mapped column. This activates the Unmap Requests button.
- Alternatively, select the Select All check box to choose all requests in the column.
- Click Unmap Requests.
- The request is removed from the control and added to the Available Requests to Map column column.
Displaying Descriptions
To read descriptions of any control or request displayed, complete the following steps:
- Select an objective in the In-Scope Controls item in any column.
- Click the Details link. The description displays and the link says Hide Details.
Alternatively, click Hide Details to remove the description from display.
- The control or request opens in a new tab or window and displays all pertinent information.
Opening the Mapper Page
If you were interrupted during mapping and need to return to the mapper page, complete the following:
- On the Step 3. Requests tab, click Show mapper.
| Anchor | ||||
|---|---|---|---|---|
|
The step is ready for completion after requests have been imported and then mapped to scoped controls.
To complete this step and continue to the review, complete the following:
Click Next. The Review Step 4. Assessments page displays.
Info title NOTE Continue to the next section - Step 5: Reviewing and Starting the Audit4: Generating Assessments.