The 6clicks platform just got even better for compliance professionals! When 6clicks introduced Requirements-Based Assessments (RBA), it pioneered an agile and practical way to perform interview and self-assessment style workflows through the 6clicks platform.
Now, in a step to further improve your experience with RBAs, 6clicks is announcing a new enhancement that allows you to view internal controls, control responsibilities, and related responsibility tasks that may help inform your compliance posture with a certain requirement without having to navigate away from the RBA.
RBAs (Requirements-based assessments) enable you to perform audits and maturity assessments with more flexibility. In scenarios where you are conducting an audit or a maturity assessment for a client, a Question-Based Assessment (generally a great method!) sometimes falls short. And that’s where the RBA comes to the rescue.
RBAs go beyond QBAs (questions-based assessments), which rely on questionnaires being crafted. An RBA takes a more holistic approach that accounts for the specific requirements of the audit or assessment. RBA is powerful because it lets you capture multiple data points (applicability, current maturity, desired maturity, implementation status, comments, etc.) against your compliance requirements. And no, with 6clicks’ simplified approach, you don’t need to bother with complex spreadsheets.
The new enhancement lets you view responsibilities and the related tasks without having to leave the RBA. This lets you quickly see the status of control responsibility tasks and internal control performance related to an external compliance requirement. Basically, it is perfect for confirming and proving compliance.
If you are auditing a control set, you can measure the effectiveness of the control set based on the underlying tasks and responsibilities within that control set. Since you can now view the responsibility tasks in an RBA conducted against a control set or an RBA conducted against an authority, proving performance and compliance is easier and more efficient.
For this enhancement to work efficiently when an RBA is conducted against a control set, the control set must have assigned responsibilities linked to its controls. For an RBA conducted against an authority, the provisions in the authority must link to controls within the control set, while the control set links to the responsibility tasks. The important point to note is that on 6clicks, the controls and provisions directly or indirectly link to responsibilities.
When you respond to an RBA, you just have to click on a specific requirement and then select the 'Requirement Details' tab on the right-side panel as shown below.
Selecting the Requirement Details tab will show you the following:
By clicking on the clipboard icon next to a Responsibility, you can view the related task.
You will be able to see the control responsibility overview as shown below with the following details:
To learn more about utilizing this new enhancement for your compliance needs, check out the video below.
RBA is great for ISO 27001, creating the Statement of Applicability (SOA), internal audits, maturity assessments, etc. You can read more about RBA in the 6clicks knowledge base.