As a pilot or contributor, you must go to Contributions to respond to an evaluation campaign. If your campaign includes several perimeters, you will have as many assessments to complete as there are perimeters concerned or assigned to you.
💡If the assessment includes a questionnaire and a policy, the assessment will always start with the questionnaire.
Responding to a questionnaire
All you have to do is click on the different sections of the questionnaire to answer them.
⚠️ Please note that when filling in a free text field, it is important not to reply with just a space, as this would prevent the evaluation from being submitted.
If you don't know what to answer, it's better to write a sentence or put NA
If you have already completed the same questionnaire for the same perimeter/application/provider, you can copy your previous answers and make any changes or clarifications.
🔎 Read this article to find out more about how to copy your previous answers.
🔎 Your assessment is automatically saved as soon as you make a response or a change.
Once you have provided all the necessary answers, you must submit the questionnaire by clicking on Submit in the top right-hand corner:
And automatically, you move on to the policy (if a policy has been set up in the campaign)
Completing the evaluation of a policy
The scale set in your campaign is used as the response scale for your policy.
For example, here I've set it with the public scale Compliance, which allows you to have 2 responses Compliant (worth 0) and Non-compliant (worth 100) as well as the non-applicable which I've authorised:
Depending on the scale selected, I may also need to specify the level of compliance with a slider, as here:
🔎 The level of compliance specified in an evaluation is then used to obtain a declarative score on the policy and therefore to monitor your compliance afterwards.
1. Without managing measures and actions
If the campaign is not set up to implement measures and collect actions, you will simply have to respond to the assessment by specifying your current level of compliance according to the scale set up in the assessment.
You can also add comments and evidence. Depending on the settings, this may also be compulsory.
2. With managing measures and actions
If the campaign is set up to associate measures and collect actions, you can do this directly during the assessment.
For example, with this ISO 27001 assessment campaign for the Bordeaux perimeter, I respond to the first control by stating that I comply with it. This automatically suggests measures associated with this control, which I can implement directly in my security base with associated run tasks:
However, for this control, I certify that I do not comply with it. I am therefore proposing to implement the measure and therefore to create an implementation action:
💡To find out more about the measures, read this article.
Once I've answered all the policy controls, all I have to do is submit this one.
🔎 Once the assessment has been submitted, the contributor can no longer modify their answers. They must ask the campaign manager to reject their assessment so that they can make the necessary changes.