Staying compliant with standards and frameworks relevant to your organization can be challenging in an ever-shifting regulatory environment. It requires keeping up-to-date with changes to requirements and analyzing these changes to measure and ensure your compliance, which can take a great deal of time, effort, and resources.
With 6clicks’ new Authority Gap Assessment feature, compliance professionals can quickly obtain an overview of updates on an authority document and instantly create an assessment against the new version of the authority using previous assessment responses. Learn how Authority Gap Assessment can make the lives of compliance professionals easier and help organizations maintain compliance amidst evolving regulatory requirements.
What is Authority Gap Assessment?
Authority Gap Assessment is a capability in the 6clicks platform that enables users to effortlessly identify, evaluate, and address the gaps between old and new versions of authority documents, like ISO standards, NIST frameworks, and the Australian Information Security Manual (ISM).
In essence, this new feature effectively eliminates the process of manually comparing different versions of an authority, creating assessment questionnaires from scratch, and responding to these questions, allowing compliance professionals to save time on repetitive and time-consuming tasks.
What are the components of Authority Gap Assessment?
The process of identifying and addressing gaps between authority versions can be broken down into two components:
Version comparison
First, the Authority Gap Assessment feature enables users to view a summary of changes in an authority document (standard or framework).
From the Content Library, users can select the latest version of an authority and add it to their Compliance Management module. Users of the 6clicks platform have unlimited access to 6clicks’ vast collection of authority documents, templates, and other turnkey content in the Content Library.
6clicks has introduced a changelog feature in authority documents. These changelogs outline the differences or gaps between old and new versions of an authority. Users can now also view the content of each authority document in the Content Library without having to download it.
With just one click, users can see how many requirements in a new version of an authority are unchanged, updated, and completely new compared to the previous version. They can also access the details of the changelog to gain insights into specific changes, such as which requirements remain the same, which ones have been removed, revised, or consolidated, and which ones have been newly added, all without the need to review the entire document.
By understanding the gap between old and new versions of an authority, compliance professionals can then perform assessments to address these gaps and secure their organization’s compliance.
Reusing assessment responses
Once a user has added the new authority to their Compliance module, they can now create an assessment and have the responses pre-filled through the Reuse Response component of the Authority Gap Assessment feature. To create a new assessment, users can navigate to the Audits & Assessments module and choose either a question-based assessment or a requirement-based assessment.
Users can then select the new version of the authority and click ‘Add Response’ under the Responses tab. This will open a new Responses tab where the user can click on ‘Reuse Responses.’ This feature takes the data of an old version of the authority along with past assessment responses to automatically respond to the new assessment for the new authority version. The Reuse Responses feature will only be available if the system detects existing assessments for a current or previous version of an authority document.
Additionally, users have the option to select any version of the authority and a related past assessment. They can also choose to include other data such as attachments from the selected assessment. Once setup is complete, the user can proceed by clicking ‘Load Responses’ and the system will automatically generate a summary detailing the extent of the overlap between the data of the old assessment and the new authority and assessment.
This summary will display the number of questions from the past assessment that match the requirements of the new authority version, the number of responses that can be reused from that assessment, and the number of questions that will require new responses, clearly illustrating the “gap” that you need to address with the new assessment to remain compliant.
From there, the reused responses will be populated for the new assessment, and you can then add respondents and send invitations to complete the remaining unanswered questions.
As soon as a respondent starts answering the questions, the status is automatically reflected in the assessment details, even before any respondent submits, giving assessment owners enhanced visibility into the progress of the assessment.
By filling as much of the assessment as possible with preloaded responses and improving task monitoring, users can significantly expedite assessments that typically span weeks or months. Overall, the Authority Gap Assessment feature empowers organizations with better compliance oversight and more efficient compliance management processes.
What future enhancements are expected for the Authority Gap Assessment feature?
With our ongoing development and innovation of AI-powered GRC solutions, we remain committed to expanding the capabilities of the 6clicks platform, including the Authority Gap Assessment feature.
The initial release of the feature currently supports only authority versions from ISO, ISM, and NIST. Soon, the Authority Gap Assessment will be able to cover other authority documents as well as organizations’ internal authorities.
Augment your compliance management processes with 6clicks
Leverage our advanced capabilities such as the Authority Gap Assessment and 6clicks’ Compliance Management solution to implement a robust and agile security compliance program in your organization.
Written by Louis Strauss
Louis is the Co-founder and Chief Product Marketing Officer (CPMO) at 6clicks, where he spearheads collaboration among product, marketing, engineering, and sales teams. With a deep-seated passion for innovation, Louis drives the development of elegant AI-powered solutions tailored to address the intricate challenges CISOs, InfoSec teams, and GRC professionals face. Beyond cyber GRC, Louis enjoys reading and spending time with his friends and family.