To work with assessments, click the “manage assessments” link. In the table, you can see a list of existing assessments. A value of published=”yes” means that the assessment has been published to Isora GRC, and surveys are available to users. It does not indicate whether any individual surveys of the assessment have been launched.
All assessments that have ever been created will be listed here. This allows you to see both current and historical data. You can remove assessments by clicking the X next to them. You can also edit an existing assessment, or click the + button to create a new one.
...
The page you see when you edit an existing assessment is just like what you see when you create a new one, except it’s already filled in with existing data.
Historically, assessments would be targeted to one or more organizational units. In current versions of Isora GRC, you can create assessments that target various types of entities. Depending on the target type of an assessment, different options will be presented when you create a new assessment.
To create a new one, click the + button. This starts a 2-step process. In the first step, you assign a name, due date and assessment type. Depending on the type you choose, the following drop-down will be populated with question lists that are appropriate for the target type of the assessment. If this is a draft and you don't want anyone to actually start the assessment yet, leave the "publish on create" box unchecked.
...
Click “next” to proceed to the second step of the process. Depending on what type of assessment you are creating, the next step will offer different options. For example, if the target of the assessment type is "app," you type the name of the app you want to assess into the search box.
...
If the type of assessment you are doing includes unit-level questions, then you'll be presented with a list of organizational units, so you can choose whichever ones you want to include. Each OU chosen will result in a survey being published once the assessment is launched, and whoever has the authority within that OU will be able to answer the questions.
...
Continue clicking the checkboxes next to the OU names and filling out the forms for each OU, until all of the OUs that you want have been included. If you check the checkbox to “skip org units without sheets,” then any OUs that do not have any sheets of hosts will not be included in the assessment, even if you selected them. Until it has been published, you can edit the assessment later to add or remove OUs, or even change the assessment type or question list. Once published, you won’t be able to edit the assessment.
Click the “create” button to save the new assessment.
If you save an assessment without publishing it, you will see a published value of “no” in the assessments table. You can edit the assessment to make whatever changes you still need, then check the “published” checkbox to publish it later.
...
“Assessments” link in the Setup area of the Settings page. There you can work with Series and Assessments.
See also: What is an assessment series?
Working with Series
The “Series” page allows you to view and edit existing series or create new ones.
...
Each series has a name and a target type. Make sure you choose the correct target type, because later when you create an instance or an assessment within the series, your options will be limited based on the target type.
Possible Target Types
Target Type | Description |
|---|---|
Org Unit | Allows you to create organizational assessments, choosing any number of targeted organizational units. Surveys will include unit questions targeted to each OU and host categorization for any sheets belonging to targeted OUs. Only superusers can create Organizational Assessments. |
App | Allows you to create an app assessment for a given app in inventory, including an overall classification and app questions. Only superusers and assessment managers can create and complete app assessments. |
Vendor | Allows you to assess a vendor product. Anyone with a role in an OU can create and complete vendor assessments. |
Working with Assessments
On the “Assessments” page, you can work with existing assessments or create new ones. Before creating an assessment, the series must already exist. This is true even if you are going to do a one-off assessment. With the exception of vendor products, whatever objects are going to be targeted by the assessment must also exist in Isora GRC before you create the assessment. For example, if you want to assess an app called TimeSheets, the TimeSheets app must already be in inventory before you create the assessment. If you are assessing the MATH organizational unit, the MATH OU must already exist in Isora GRC.
Vendor assessments are handled a little differently from other types of assessments. There is a button on the assessments page where any authorized user can create a vendor assessment. When you create a new vendor assessment, in the process you can add a new product into Isora GRC’s database. You don’t need to do a separate step to add the vendor product into inventory.
...
When you create a new assessment, you’ll need to first choose the series and then the other options available to you will change depending on your choice. You can also choose whether or not to publish the assessment. Until it has been published, superusers can edit assessments to make changes like choosing a different question list, or a different set of organizational units to include.
Once an assessment has been published, the assessment managers and other Isora GRC users can view and work with it on the assessment module Assessment page when they log in. Assessments don’t show up on the Assessment page until they have been published.