Skip to content

Introducing: Requirements based assessments (RBA)

Louis Strauss |

June 22, 2021
Introducing: Requirements based assessments (RBA)

Audio version

Introducing: Requirements based assessments (RBA)
5:00

Contents

We've been working on something big here at 6clicks and now it's finally ready! The team is proud to announce our new Requirements Based Assessment (RBA) workflow as part of the 6clicks Assessment Module.

RBA provides advisors and enterprise teams with the ability to run maturity assessments and audits in a flexible manner, whilst leveraging all the power of the 6clicks platform. It's big news!

RBA In-app GIF

 

Back in the Day...

The 6clicks Assessment module was originally designed for supply-chain/third-party assessments. The sender defines a series of questions, links them back to compliance obligations or references (optional), then selects a respondent and sends it to them. The respondent completes and submits the their responses and then the sender reviews said responses, as well as created risks, risk treatment plans, issues and issue actions for remediation then produces a customised report (mega time saver). We call this the Question Based Assessment (QBA). 

So, whilst the QBA is still fantastic for third-party assessments, it doesn't lend itself quite so well to an advisor running maturity assessments or an audit with their clients.

Feedback from you, was that you are often actively working with and talking to your client in a more fluid manner, meaning you wanted a more flexible and agile assessment capability. Further, QBA requires questions to be created, yet you are typically assessing directly against the requirements or obligations, as well as capturing multiple points of data against them (think: big spreadsheets). 

And so, in an effort to go beyond QBA and obliterate spreadsheets at the same time (always a good thing), RBA was born!

it's alive gif

But don't worry, the QBA assessment is still available for all your vendor/supply chain assessment needs!

 

Requirements Based Assessments: bye-bye spreadsheets

Advisors and enterprise teams like spreadsheets because they are highly flexible and scalable. But managing spreadsheets, reporting on spreadsheets and maintaining spreadsheets becomes a serious mess.

Our new RBA flow has the flexibility of a spreadsheet whilst leveraging the 6clicks platform, which includes the full power of custom reporting, risk and issue management, effective IP capture and re-use and so much more.

Brilliantly, all your data is centrally stored so you can easily create and manage assessment templates, work directly with your clients using our unique architecture and scale-up how many engagements your advisory or enterprise team members can run at once.

banging head gif

 

But, How?

When creating a Requirements Based Assessment, all you need to do is select the control set, policy or authority document you want to assess against using the New Assessment modal. Then, you define the fields you want to use to capture the data (think: applicability, current state or maturity, desired maturity, observations etc.).

We have three field types you can use to capture data against requirements:

  1. Dropdown (yes you certainly can define the dropdown options!)
  2. Long text response
  3. Short text response

For each of the requirements, you can also add Notes or Guidelines that you or your team members can read and refer to when completing the assessment with your client AND bulk remove requirements that are out of scope for the assessment! Huzzah!

 

And Then?

Once you have finished designing your assessment, you can then Publish the assessment and start responding. Awesomely, you can save it as a template which can then be used by any of your other advisors, ensuring best practice is accessible and repeatable across your advisory team.

RBA is ideal for ISO 27001 and ISM Statements of Applicability plus internal audits and maturity assessments where the assessor wants to capture multiple values e.g. current state and target state or design effectiveness and implementation effectiveness. Be sure to try the functionality for your next PCI-DSS, ASD Essential 8 or CIS 8.0 controls audit.

So powerful and yet so simple.

 

Anything Else?

Yup, if you are in "response mode", you can fill in the fields for each of the requirements and upload supporting evidence. When doing this you can also create risks, risk treatment plans, issues and issue actions as you go - giving you the flexibility to run things just the way you like it.

i like it a lot gif

Once the assessment has been completed and submitted, you can use our powerful custom report generator to produce branded reports that you can then provide directly to your client. Talk about easy!

 

Our new Requirements Based Assessment workflow allows advisors and enterprise teams to get out of spreadsheet hell and take their function to the next level - powered by 6clicks.

If you would like to discover more about Requirements Based Assessments check out our excellent Knowledge Base.

Or if you want to see it in action live, book a demo with our team below!

Watch webinar





Louis Strauss

Written by Louis Strauss

Louis is the Co-founder and Chief Product Marketing Officer (CPMO) at 6clicks, where he spearheads collaboration among product, marketing, engineering, and sales teams. With a deep-seated passion for innovation, Louis drives the development of elegant AI-powered solutions tailored to address the intricate challenges CISOs, InfoSec teams, and GRC professionals face. Beyond cyber GRC, Louis enjoys reading and spending time with his friends and family.