Assessments are a part of the compliance process. Assessments are lists of questions that help to quantitatively note the status of items at a particular point in time.
Typically, this comes about when determining:
- Client compliance with your technical standards
- Client compliance with industry standards
- Clients complying with external regulations
- Clients complying with internal policies
- Your compliance with your service commitments
Assessments document items for review and remediation covering topics such as:
- Cloud deployments
- Work from home setups
- Client onboarding
- Disaster recovery
- Continuity planning
- Office 365 setup
- Migration readiness
- Training requirements
- HIPAA compliance
- NIST compliance
- GDPR compliance
- and much more.
Though assessments are often conducted using Excel, Word or other internal tools, assessments become much more valuable when they are:
- Comparable between occurrences (runs)
Through the assessments feature in CloudRadial, you can efficiently run through a series of fully customizable questions to analyze a client's risk and opportunities even comparing the improvements made since prior runs.
It follows a best practice quantitative approach to eliminate subjective differences found in qualitative assessments. This approach makes assessments more comparable no matter who conducts them.
If you're an existing partner and don't have any sample content loaded within your tenant, we have a NIST 800-171a assessment available for you.
Feel free to grab either the Excel file to import or the ZIP file to add to Partner > Content as a content package - just be sure to read the instructions below first.
Before diving into using Assessments, there are some terms that should be defined to help understand the assessments feature in CloudRadial. These are:
- Assessment - A standard template of questions covering a specific area of discovery.
- Run - The questions, answers and recommendations that cover an assessment area at a specific time. Runs belong to an assessment. At creation, runs inherit the current set of questions from the assessment. Questions can be added or removed to a run based on the needs at run time. For example, a new server may require an additional set of questions.
- Template - One or more questions that can be imported into an assessment or run.
- Archive - Assessments and their runs that are no longer being regularly updated with new runs but need to be kept for compliance or historical purposes.
In CloudRadial, assessments are located under the Compliance > Assessments section within the feature set of a given client.
Navigation of the Assessments Module
When you first navigate to the assessments module, there are three tabs to choose from:
Below, we'll break down how each section works.
Within assessments, you will start off on the Assessments tab by default. In CloudRadial, an assessment and its associated "runs" are the deliverables that you can edit and present to the client.
Assessments can either be created natively from within CloudRadial or uploaded from an Excel document.
For more information on uploading assessments via Excel, please click here.
Creating an assessment consists of naming it, setting it's description, visibility, status, and recommended run interval. Once the assessment has been created, it will behave like a frame to hold any questions that you deem relevant to apply against a client.
1. Modifying Assessments
Most of the control over assessments are handled using the 3 blue dot menu to the right of the assessment's name. Left-clicking on the blue dots next to an assessment opens the following options:
- Open - open the assessment and display any assessment runs that have been created.
- Edit - edit details of the assessment, as well as build questions for the assessment and it's runs.
- Run - run an attempt of the assessment, which you can then fill out and present to the client.
- Add Template - add a template from the second tab to add into the assessment.
- Save as Template - save a copy of the assessment as a template to use in other assessments.
- Export - export a copy of the assessment into an Excel file that you can modify.
- Update - update an assessment from an Excel file, letting you modify an assessment without making a new one.
- Archive - archive the assessment and its runs and move it to the third tab.
2. Adding Questions to Assessments
Assessments are comprised of questions. Clicking on the Edit option as described in the step above, and then select the Questions tab.
This area will allow you to add questions to the assessment. Each tab within the questions section allows you to customize and add details to the question, from general details to details on risk and remediation.
Once the question has been built, select Submit to finalize its details and add more questions until the assessment is complete.
While it's possible to create a detailed assessment from directly within CloudRadial, it's recommended to create it within Excel and upload it into CloudRadial since the management and manipulation of large volumes of data and fields will be significantly faster.
3. Running Assessments
Remember that the assessment is the frame - once it's been built, the next step is to run it for the client.
Select the 3 blue dot menu and select Run. This will launch a run (or attempt) of the assessment, which the assessor will then use to grade the client.
Clicking on the run will display, by default, the name of the assessment followed by a dash and the date of running. It will also display the score and status of the run.
Selecting the run will allow you to see visualizations of the assessment questions broken up by sections, which behave identically to CloudRadial's dashboard feature. Assessors will use the Details tab within the run to perform the assessment and add their findings to each question.
Clicking on each question and selecting Edit at the top right, or by using the 3 blue dot menu by each question and selecting Edit, will put the assessor in the area to modify each question.
Alternatively, for quicker editing, the assessor may also use the Edit Responses button at the top right when viewing a run to quickly assess each question. Selecting Finish Edit at the top right will save the choices selected by the assessor.
Assessors and clients can also view the Recommendations tab within the run to get a breakdown of the potential remediation efforts and costs to fix issues discovered.
4. Scoring Methodology for Assessments
It is possible to receive a negative score for an assessment.
The scoring methodology for questions within assessments is as follows:
- +2 Compliant
- +1 Partially Compliant
- +0 N/A
- -1 Missing
- -2 Not compliant
5. Managing Multiple Assessment Runs
Running the same assessment multiple times is easy within CloudRadial. Once at the overview for a given assessment's runs, the assessor can click on the 3 blue dot menu and have the option of jumping directly to its Summary, Details, or Recommendation tab.
The assessor will also have the option to Edit the run directly, and even delete it if necessary.
The assessor will be able to Export the run into an Excel file to better manage the data within - especially helpful for scoping out the work once the run has been completed.
The assessor also has the option to Update the run from an Excel file - useful for when they need to make sweeping changes in a run but don't want to edit each one manually from within CloudRadial. This will overlay new changes directly onto the original run.
Lastly, the assessor also has the option to Duplicate the run. This is best served for when an assessment run must be re-done with the same base questions already answered. It helps the assessor to build off of the results of a previous run without starting over from scratch.
6. Comparing Assessment Runs
One of the most powerful features of the assessments is the ability to cross-compare runs. This can show the client growth, progress, and maturity of IT efforts over time.
When multiple runs are completed for a given assessment, you can click on the Compare option at the top right of the assessment runs to get a side-by-side view of how things scored for up to 4 previous runs.
Templates serve an optional purpose for the overall assessment feature. They bundle questions together for usage in assessments as building-block modules.
1. An Example of How Templates Work
While assessments can be created and ran in totality without using the template feature, it can be extremely useful to instead bundle questions into templated segments that can be used as building blocks for future assessments.
For example, instead of having one giant assessment on security applied to every client, an MSP may decide it's better to part out each section of the security assessment into separate templates that they can then assemble into a better assessment for their clients.
Let's say our assessment is broken out into 5 templated sections, on:
- Digital Media
- Physical Protections
- Regulatory Compliance
Then the MSP can now put together an assessment with any combination of the five building blocks available to form their new assessment.
A client without regulatory compliance or digital media concerns can have an assessment put together of just templates 1, 2, and 4.
2. Templates as a Part of Content
Assessments can be saved as Templates, and Templates can be saved as content within CloudRadial's Partner > Content area. These templates can then be re-used for other clients to form scalable building blocks for assessments at a large scale.
Archives are simply the area where assessments and their respective runs can be stored out of sight when no longer needed. The data for archived assessments and runs can be restored by selecting Unarchive.
Global Overview and Partner Options
CloudRadial partners also have the option of seeing a global view for all assessments and runs by navigating to the Partner > Assessments area within the feature set.
They have the option of seeing an overview summary, or even the schedule for upcoming assessments (which is established on the assessment at the individual client level).
Partners also have the option of editing or creating their own response groups by clicking on the Settings option within this area. This allows partners to create responses other than the pre-loaded options - which is useful for localization as well.