Skip to main content

Evaluating controls , requirements , and risks

Written by Hyperproof Support
Updated over 3 weeks ago

👥 Roles and permissions

The following users can evaluate controls, requirements, and risks:

  • Anyone with manager permissions for the evaluation

You’ll do the majority of your assessment work in the Evaluations tab. From here, you can assess your controls, requirements, or risks and record your findings. You can also assign evaluation work to different members of your team. As always, you can communicate with team members about a particular evaluation via the Activity Feed.

💡 Tip

Active evaluations can also be accessed via Work items. From the left menu, select Work items, then select the Evaluations tab.

💡 Tip

For more information, see the Tutorial videos at the bottom of the page.

To evaluate controls, requirements, or risks:

  1. From the left menu, select Assessments.

  2. Select your assessment.

  3. Select the Evaluations tab.

    evaluations-tab-generic.png

    A list of evaluations corresponding to the assessment’s controls, requirements, or risks is displayed.

  4. Select the evaluation you want to assess.

  5. From the right pane, do any or all of the following:

    1. Change the status of the evaluation

      • Not started - Work has not yet started on the evaluation.

      • In progress - The evaluation is currently being worked on.

      • Submitted - The evaluation has been submitted for review.

      • In review - The organization is reviewing the evaluation.

      • Closed - The evaluation has been canceled.

      • Approved - All information in the evaluation has been verified and accepted.

      💡 Tip

      In a risk assessment, the evaluation status is located in the upper-left area of the screen. In control and requirement assessments, the evaluation status is located in the upper-right.

    2. For control and requirement assessments, add or edit the evaluation reference. Note that Evaluation 1 and Evaluation 2 in Assessment 1, for example, cannot have the same reference value, but Evaluation 111 in Assessment 2 and Evaluation 1 can. The value can be empty; this does not affect uniqueness.

    3. For risk assessments, expand the Research section to link a research item

    4. Add a user or group to the evaluation

    5. Enter a description of the evaluation

    6. Change the evaluation assignee. This can be an individual user or group.

    7. Set the evaluation priority

    8. Enter the due date

    9. Enter your observations

    10. View the evaluation source

    11. Expand the Evaluating section to link objects (e.g. labels), tasks, proof, or related issues

      💡 Tip

      Proof that is indirectly linked to the evaluation is shown with an Indirect link icon.

      evaluations-indirect-link.png

    12. Click the facepile in the right pane to manage user permissions for the evaluation

      • Manager - Can manage and share content, and manage object members and settings.

      • Contributor - Can share, add, and remove files from objects where they are a member.

      • Viewer - Can view information about objects where they are a member or have inherited access.

    13. Communicate with team members via the Activity Feed

    14. Archive the evaluation

    💡 Tip

    Looking to score controls (either numerically or categorically)? Create a custom field on your evaluations.

Tutorial videos

Requirement assessments and evaluations

🔗 Embedded content: Open link

Control assessments and evaluations

🔗 Embedded content: Open link

Related Articles
Adding controls , requirements, or risks to an assessment
Evaluating risks
Evaluating proposed risks
Linking evaluation proof to controls or requirements
Importing evaluations
Did this answer your question?