Attestations are surveys that gather evidence to prove that a control is implemented. If
the control’s attestation field and respondents fields are set, then when a controls moves from
the Draft state to the Attest state, a notification
is sent to the attestation respondents.
Users can create multiple attestation types and set their policy statements to different
attestations. A sample attestation called GRC Attestation is also provided
as the default attestation which is composed of the following simple questions:
By default, GRC Attestation
is used for controls and provides the
following assessment questions:
- Is this control implemented?
- Attach evidence
My Attestations is in the Controls section of the
Policy and Compliance application and contains active attestations for which you are the
respondent. The attestations appear in a list with a single attestation record per control.
All Attestations is contained in the Controls
section of the Policy and Compliance application and contains all active attestations.
Compliance managers can create new attestation types containing different types of questions to
fit their needs. See Create a control attestation using the Attestation Designer.
Compliance managers can create a new set of questions for each policy statement. See Create an attestation type.