
IRM 3 states Control Attestation template Use Case

NishONish
Tera Expert

Hello, 

 

All IRM professionals know that we have an OOTB GRC attestation template and it has 3 questions, which ultimately gives us an outcome of Compliant or Non-compliant. This outcome then gets logged against the control we attested; further, this status flows into the compliance scores of connected entities, control objectives, citations, policies, authority docs, etc.

 

My use case is more advanced than this. I have 3 compliance statuses, as below:

Effective - 100% compliance in last 30 days (monthly attestation frequency)

Partially effective - >= 90% compliance in last 30 days 

Ineffective - < 90% compliance in last 30 days 

 

All these will be part of my attestation template, and the entity owner will select the right option from above + provide evidence + comments, if any.

 

Now come my questions:

1. Is there anything available OOTB for this use case which makes life easy for me and during the upgrades?

2. If not, what list of things needs to be done to pick up the owner's compliance status from the attestation, and how can it be linked to its connected control + further linked to the compliance scores of connected entities, control objectives, citations, policies, authority docs, etc.?

3. Any guidance on keeping it OOTB

 

Thanks in advance
