Risk assessments

Assessments are surveys that gather evidence to determine risk. Risks start in a Draft state then move to Assess, which sends a notification to the Assessment respondents.

By default, GRC Assessment is used for risks and provides the following assessment questions:
  • Is this control implemented?
  • Attach evidence
  • Explain

My Assessments is contained in the Risk Register module and contains active assessments for which you are the respondent. The assessments appear in a list with a single assessments record per risk.

All Assessments is contained in the Risk Register module and contains all active assessments. The assessments appear in a list with a single assessments record per risk.

Compliance managers can create a new set of questions for each policy statement. See .