Compliance Assessment

Modified on Mon, Dec 1 at 2:31 PM

You can find this module at the Company level only.

A compliance assessment is an evaluation process designed to determine whether an organization or system adheres to regulatory requirements, industry standards, or internal policies. These assessments can cover various areas, including financial regulations, data protection and privacy laws, cybersecurity standards, health and safety protocols, environmental regulations, and more.

The primary goals of a compliance assessment are to:

Identify Gaps: Determine where the organization's practices might not meet the required standards or regulations.
Mitigate Risks: Understand the potential risks associated with non-compliance, including legal penalties, financial losses, reputational damage, and operational disruptions.
Recommend Improvements: Provide actionable insights and recommendations to help the organization address compliance gaps and improve its overall compliance posture.
Ensure Accountability: Assign responsibility for compliance to specific organizational roles or departments.
Demonstrate Compliance: Help organizations prove to regulators, partners, customers, and other stakeholders that they fully comply with relevant regulations and standards.

MSPs can allow customers to join the portal to perform their self-assessments. Generally, MSPs do not conduct assessments on behalf of their customers.

Visit our YouTube Channel for more video content: https://www.youtube.com/@connectsecure

Table of Contents
Compliance Assessment - Details
Compliance Assessment - Toolbar Options
- Alerts
- Info
- Help Link
- Layout Settings
Get Support

Compliance Assessment - Details

Access the Compliance Assessment from the Compliance category.

The following compliance assessments are available.

Standard	Source
CIS v8.1	https://www.cisecurity.org/controls/v8-1
CMMC (Cybersecurity Maturity Model Certification)	https://www.cisa.gov/resources-tools/resources/cybersecurity-maturity-model-certification-20-program
Cyber Essentials	https://www.ncsc.gov.uk/cyberessentials/overview
Cyber Essentials Singapore	https://www.csa.gov.sg/our-programmes/support-for-enterprises/sg-cyber-safe-programme/cybersecurity-certification-for-organisations/cyber-essentials
DORA (Digital Operational Resilience Act)	https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en
DPDPA (Digital Personal Data Protection Act)
DSI SMB1001 (Dynamic Standards International)	https://dsi.org/smb1001
Essential Eight	https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight
FADP (Federal Act on Data Protection)	https://www.edoeb.admin.ch/edoeb/en/home/datenschutz/grundlagen/dsfa.html
GDPR (General Data Protection Regulation)	https://gdpr-info.eu/
HIPAA	https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
HITRUST	https://hitrustalliance.net/
NIST 171 Rel2	https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final
NIST 800-53	https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final
NIST CSF 2.0 (NIST Cybersecurity Framework)	https://www.nist.gov/informative-references
NIS 2	https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022L2555
NYDFS (New York Department of Financial Services)	https://www.dfs.ny.gov/industry_guidance/cybersecurity
PCI-DSS v4.0.1 Includes all 9 PCI SAQ types, fully mapped to PCI DSS v4.0.1	https://www.pcisecuritystandards.org/document_library/
WISP IRS	https://www.irs.gov/newsroom/a-written-information-security-plan-protects-tax-pros-and-their-clients

Tap on the Start Assessment button to get started.

You will see a table view where any existing assessments will be displayed. This will show the Name, Start Date, Last Updated Date, Completed Date, Status, and an Action menu.

To begin a new assessment, click on the +Add button.

Give the Assessment a name and save it.

The assessment will display the number of sections with their description and the number of questions on the left panel.

You can tap on the section name to see the questions. The answers do not have to be completed in any order and can be saved as a ‘draft,’ so you may revisit the assessment many times until it is fully completed.

Tap the upload evidence icon next to any question if you have any supported documents or files to provide.

After all questions in each section are completed, the assessment status will show as Completed. From the Action menu, you must select Fetch Latest Report, then choose View/Download to access your completed assessment, or Delete if you wish to remove it.

Once a compliance assessment is marked as 'Completed,' it becomes read-only. This is intentional — it helps preserve audit integrity and ensures the assessment remains unchanged for compliance tracking.

The file will be saved as a standard ZIP folder using the Assessment Name

The folder will contain a Word document and an Excel file with the provided data.

Compliance Assessment - Toolbar Options

Alerts

View our timeline style of System Events captured for each company. You can set an optional date filter range to target a specific date range of events.

Info

Tap here to view your V4 Getting Started Info.

https://cybercns.atlassian.net/wiki/x/MIDKfw

Help Link

Click to access the related documentation page; this link is functional on all screens and will take you to the appropriate documentation page.

Layout Settings

Here, you can change the UI look and feel using various options, including the Theme for color, the Scheme for dark and light mode, the Layout for toolbar and module positions, and the toggle to set the table view default.

I prefer the Teal color, Light mode, and Classic layout with an asset table view.