📆 Following the demand, we extended our free trial to 30 days! No automated billing/upgrade. You decide!  

Compliance

Findings

Role Specific Access

The vucavoid Findings feature is accessible to users with the following roles:

  • Finding Manager: This role is responsible for managing and overseeing findings within the system, including documentation, status updates, and remediation processes.
  • Compliance Manager: Users with this role have access to view and manage findings, playing a key role in ensuring organizational compliance.
  • Risk Manager (view only): While primarily focused on risk management, users in this role have view access to findings, allowing them to understand the compliance landscape and its potential impact on risk.

Overview

Definition and Context

Findings in vucavoid represent actual observations of non-compliance, whether due to policy violations, incorrect IT configurations, illegal contractual clauses, or similar issues. It's important to differentiate findings from risks and incidents:

  • Risks are potential threats that could harm the enterprise.
  • Incidents refer to actual events that have already caused harm.
  • Findings are observed or recorded instances of non-compliance that have not necessarily led to materialized damage but may potentially lead to such outcomes if unaddressed.
Overview of all findings in vucavoid (demo data)
Overview of all findings in vucavoid (demo data)

Finding Attributes

Findings in vucavoid are characterized by a set of attributes that detail their nature, source, status, and management requirements.

Finding Basics

  • Title: Assign a concise title to the finding.
  • Description: Provide a detailed description of the finding, explaining the specifics of the observed non-compliance.
Attributes: Finding basics
Attributes: Finding basics

Intake Way

  • Identification: Choose how the finding was identified, with options like Internal Audit, External Audit, Site Inspection, various types of calls, Application Notification, Email, Assessment, or Other.
  • Identification Details: Offer further details on the identification, regardless of the chosen method.
  • Identifier: Select the vucavoid user who identified the finding.
  • Custom Identifier: Optionally, enter a custom name for the identifier of the finding.
Attributes: Finding intake way
Attributes: Finding intake way

Status

  • Status Options: Set the finding's processing status, with choices including Initial, Reviewing, Remedying, Closed, or Archived.
Attributes: Finding status
Attributes: Finding status

Finding Management

  • Owner: Appoint the person responsible for the finding, usually someone with business or technical responsibility in the relevant area.
  • Finding Managers: Assign vucavoid users with the Finding Manager role to the finding.
  • Watchers: Read-only access to the specific finding.
Attributes: Finding management
Attributes: Finding management

Priority

  • Priority Levels: Choose the urgency level of the finding from options like Urgent, High, Medium, Low, or Insignificant.
Attributes: Finding priority
Attributes: Finding priority

Parameters

  • Affected Criteria, Domains, Categories, and Standards: Tag the finding with relevant criteria, domains, categories, and standards for documentation and reporting purposes.
Attributes: Finding parameters
Attributes: Finding parameters

Findings List

The Findings List in vucavoid provides a centralized view of all findings, facilitating tracking and management.

  • Visible Information: For each finding, the list displays:
    • Title
    • Status
    • Remediation Strategy
    • Priority
    • Owner
    • Number of Affected Objects
  • Search and Filter: Utilize the search field and filters to quickly locate specific findings.
  • Pagination: Manage large numbers of findings using the pagination feature.
Overview of all findings in vucavoid (demo data)
Overview of all findings in vucavoid (demo data)

Remediation Workflow

vucavoid's remediation workflow focuses on effectively addressing and resolving findings.

  • Initiating Remediation: To start the remediation process for a finding:
    1. Navigate to the detailed view of the finding.
    2. Click the "Remediate" button located at the top right above the form.
  • Remediation Options: In the subsequent window, select from:
    • Remediate Finding: Implement one or more controls to address the finding. Select the applicable control.
    • Accepted, Not Remediated: Acknowledge the finding but choose not to remediate. This option increases the VUCA score due to the continued compliance violation.
    • Evaluation Basis Changed: If the basis for the finding's evaluation changes, this option reclassifies the finding as no longer relevant, without affecting the VUCA score.
Workflow to remediate findings in vucavoid (demo data)
Workflow to remediate findings in vucavoid (demo data)
Status of the remediation workflow for a finding in vucavoid (demo data)
Status of the remediation workflow for a finding in vucavoid (demo data)

Additional Information

This section provides extra insights and best practices for effectively managing findings in vucavoid:

  • Proactive Management: Regularly review and update the status of findings to ensure timely remediation and to prevent escalation into more serious incidents or risks.
  • Comprehensive Documentation: Thoroughly document each finding's details, including its source, nature, and potential impact. This ensures clarity and aids in determining the most appropriate remediation strategy.
  • Collaborative Approach: Encourage collaboration between Finding Managers, Compliance Managers, and other relevant stakeholders to develop effective remediation plans and to share insights on preventing similar findings in the future.
  • Leveraging Findings for Improvement: Use findings as opportunities to strengthen your organization's compliance posture. Analyzing patterns in findings can reveal areas needing more robust controls or policy adjustments.
  • Maintaining Compliance Visibility: Regularly review the findings list to keep a pulse on your organization's compliance status, helping to identify trends and prioritize actions.
Previous
Threats
Next
Risks

Cookie Use on Our Site

To ensure the smooth functioning of our website, we use a limited number of cookies. These cookies are essential for providing you with the services available on our website and to use some of its features. Here is a brief overview:
  • vucavoid_session: This cookie is essential for user authentication. It ensures that your session is secure and recognizes you as you navigate through our site.
  • XSRF-TOKEN: This cookie is critical for website security. It helps protect against cross-site request forgery attacks.
  • latest_marketing_banner_visible_{MARKETING_BANNER_ID}: This cookie simply remembers if you have seen our latest site banner, enhancing your browsing experience without tracking your personal data.

These cookies are strictly necessary to deliver the website, and therefore, we do not require your consent to place these cookies. For more information, please visit our Privacy Policy.