Show TOC

Process documentationRemediating Evaluation Issues Locate this document in the navigation structure

 

All of the evaluations, assessment surveys, manual test plans, automated and semi-automated control testing, and control monitoring, follow these basic steps:

  1. Evaluation

    Note Note

    This process does not apply to ad hoc issues.

    End of the note.

  2. Identification and creation of issues

  3. Remediation of open issues

  4. Reevaluation (for manual evaluations only). This is dependent upon the configuration done through the Customizing activities.

Prerequisites

You have created an evaluation with an issue and it has been approved, if review is required.

Process

This graphic is explained in the accompanying text.

  1. The tester receives the task to perform the manual test of effectiveness.

  2. The tester performs the test and submits it. If the test passes, the task is complete.

  3. If the test fails, the tester creates an issue and assigns it to an issue owner.

  4. The issue owner assigns the remediation task to an owner and submits it.

  5. The remediation owner creates, executes, and completes the remediation plan.

  6. The issue owner reviews the remediation and closes the issue.

  7. The tester performs the test of effectiveness again and submits it. If the test passes, the task is complete.

  8. If the test fails, the tester creates an issue and assigns it to an issue owner.

    The process continues until issues are closed.

Note Note

The process flow above is an example of manual tests of effectiveness and does not include Review Required nor Forwarding functionality. See Performing Tasks Related to Remediation.

End of the note.