Answering review questions
Weitere Optionen
Questions and hints
Hint for auditors:
This information is only displayed if a hint for the auditor was recorded with the review question in the knowledge base and the review was not opened via the "My tasks" menu. Clicking on "Open" displays the hint. A hint might be, for example, a link to a document that is relevant for answering the question. These hints are only visible for the experts and professionals conducting the review. The interview partner does not have access to the hint.
Answering
Here, you are prompted to answer the review question. The answer can either be Yes/No/Partly or a score (from 0 to 5). What type of answer is admissible is dictated by the questionnaire in the knowledge base. Information gatherings are answered by filling in the comment and/or uploading an attachment.
If a review question is not relevant in the context of the review, it can be marked as "unnecessary". Unnecessary questions can be excluded from reports.
If a justification template has been assigned to the question in the knowledge base, it can be selected via the "Plus" button in the bottom right corner of the justification field. If no justification template has been prepared, the "Plus" is not shown.
The option to record a determination type is only available, if the audit management add-on has been activated in the current management system and the respective option has been activated under "Audit management → Settings".
On the right side, you can see the assigned protection targets and uploaded evidences can be viewed. The upload of evidences itself is located directly underneath the section for answering review questions/results. Large pictures/photos that are uploaded are downsized automatically before being embedded into reports (max. size 1 image per page).
Also on the right, the norm mappings of the review question are displayed, as set in the knowledge base (direct and indirect, further mappings).
If the review object is a revaluation, previous answers will be displayed below the review question.
Clicking on the previous answer opens a dialog that shows the answer history. This history shows previous answers as well as any uploaded evidences.
The right part of the assistant next to review questions and review results can be hidden using the little arrow.
Clarification needed
Questions can be marked with "clarification needed". They are then shown with an exclamation mark in the bar on the left.
This is necessary whenever something needs to be clarified before the review question or result can be assessed. After conducting a number of reviews, it can be very handy to have all open questions in one place. For this, you have the overview under "Risk management → Vulnerabilities → Clarification needed".
Entire review objects can also be marked with "Clarification needed", which marks all corresponding review questions and review results.
Add measure/control
Here, you can link measures and/or controls with the review result.
Click the respective button to open an overview. The overview lists all existing measures/controls you can link with the review question, as well as any knowledge base templates. Using the "plus" button, you can also create new measures/controls and link them.
| Measures/controls | |
|---|---|
| Templates | All templates for measures/controls that are linked with the current review question in the knowledge base. They are marked with a blue badge and their background is grey. They can be created with a double-click or with a click on the blue "Create" button (to the very right). They are shown even after a measure/control has been created from them for this review question. |
| Existing | All existing measures/controls of the management system, sorted by their relevance for the current review question. The sorting order is described further down in this table. Measures/controls can be assigned one by one or in multiples. Measures/controls that have already been linked with the current review question are no longer shown in the list. |
| Checkboxes | |
| ...based on templates | Shows only existing measures/controls created from templates that are linked directly in the knowledge base as a recommendation for a gap identified in this review question. |
| Linked standards/norms | Shows only existing measures/controls that are linked via their norm-mapping to the same standard/norm chapters as the review question, as well as any parent chapters. |
| Related standards/norms | Shows only existing measures/controls whose norm-mapping does not contain the same standard/norm chapters as the review question, but instead contains chapters that in turn reference the chapters of the review question (incoming and outgoing mappings between standards/norms). Parent chapters are not considered here. |
| Recently used | Changes the order of the measure/controls as follows: 1. measures/controls created from templates 2. templates for measures/controls from the current review question 3. existing measures/controls, in descending order by the date of their most recent assignment |
| Relationships | |
| This column explains the relationships of the listed measures/controls using badges. Explanations of the individual badges are given in tooltip. These can be displayed by hovering over a badge with the mouse. It is possible to search in this column, e.g. for standard/norm chapters mentioned in a badge. | |
| Blue number | Shows in how many reviews the measure/control has been linked with review questions or review results. |
| Green text | For measures/controls created on the basis of templates from a knowledge base, this shows the name of the template. Additionally, the badge's tooltip shows the knowledge base and its version. |
| Purple text | Shows onto which chapters (standard, numbering, and name) of a standard or norm a measure/control is mapped. |
| Pink text | Shows the further, indirect mappings (standard, numbering, and name) of a measure/control. |
| Sorting order | |
| First, you see existing measures/controls that have already been created elsewhere from knowledge base templates recommended here. These are followed by the templates. Then you see all existing measures/controls sorted by their relevance: those that have already been assigned to reviews multiple times; those that map onto the review question´s norm chapter; those that indirectly map the review question's norm chapter; all remaining measures/controls in alphabetical order. | |
Handle gaps
- It's possible to record the impact the linked measure's implementation has on the answer to the review question. When the measure is completed, the review object is automatically suggested for revaluation under "Risk management → Vulnerabilities → Objects of review"