Hyperproof supports control, requirement, and risk assessments.
Assessments help you review, evaluate, and improve controls, risks, or requirements across your organization. Some common compliance frameworks that encourage control-based assessments are NIST and SOC 2.
Controls, requirements, and risks can be audited for attributes including design, language, effectiveness, and reliability. When your organization’s controls, requirements, and risks are sufficient, internal audits based on a Document Request List (DRL) run much more smoothly because the bulk of the work is already done.
Many organizations perform assessments for the following reasons:
Early detection - Routinely checking your controls, requirements, and risks for exceptions helps you find them more quickly.
Continuous improvement - Looking critically at your controls, requirements, and risks is the best way to ensure you’re not wasting resources.
Minimize risks - Quickly find exceptions and non-functional controls, requirements, and risks to minimize risk exposure.
Audit preparation - If you find and fix issues with your controls, requirements, or risks, there will be fewer for your auditor to report.
Assessment Process
A typical process that an organization might use to perform an assessment could include:
Choosing objectives
Selecting controls, requirements, or risks to evaluate
Deciding how to evaluate those controls, requirements, or risks
Writing tests for operational effectiveness
Selecting a framework to evaluate the design
Managing the project
Assigning work
Collaboration
Following up
Tracking and remediating issues