Audit Dashboard

What is an audit dashboard?

Audits in TrustOps help you visualize your readiness for the specific compliance standard you are adhering to. There are separate audit dashboards for each of the following standards:

• CMMC Level 1
• CMMC Level 2
• Earntrust GDPR
• Earntrust HITRUST
• HIPAA
• ISO 9001
• ISO 27001:2022
• ISO 27001
• ISO 27001 Controller
• NIST CSF
• NIST SP 800-171
• SOC 2
• SOC 2 Product 2
• SOX ITGC

Overview

On the “Overview” page, you can view the overall “Control Status” and “Policies Status” of your program, along with the overall audit readiness for different compliance standard audits like CMMC Level 2, SOC 2 etc. Each standard along with “Control Status”, “Evidence Upload”, “Policy Approval” and status of “Auditor Review” with the help of progress bar is displayed on the “Overview” page.

The following screenshot shows the Overview page of the “Audits.”

Standard Specific Overall Readiness

For each dashboard, data shows instant progress towards your evidence collection, passing controls, and policies approved with the help of visuals such as progress bars.

For example, let us consider SOC 2 standard

1. Click on the “Audits”.
2. Select “SOC 2”.

The Overall Readiness graph is shown for the particular selected standard where overall readiness is comprised of three key performance indicators:

1. Controls readiness: The green section shows how many controls are passing. The red section shows controls that are failing. The yellow section shows controls that are not tested. And the orange section indicates any planned controls. You can click on these colored sections to view details of ‘Passing Controls’, ‘Failing Controls’, ‘Untested Controls’ and ‘Planned Controls’.
   For example, the following screenshot shows the details of ‘Passing Controls’.
   
2. Evidence readiness: The green section shows controls with due or up-to-date evidence. The orange section shows controls with missing or outdated evidence. You can click on these colored sections to view details of ‘Controls with due or up-to-date evidence’ and ‘Controls with missing or outdated evidence’.
   For example, the following screenshot shows the details of the ‘Controls with missing or outdated evidence’.
   
3. Policy readiness: The green section shows policies you’ve approved. The orange section shows policies that are pending your approval. You can click on these colored sections to view details of the ‘Approved policies’.
   For example, the following screenshot shows the details of ‘Approved policies’.
   

Standard Specific Criteria Readiness

In this section, a high-level overview of all of the related controls that are part of the specific program you purchased is shown, including SOC 2, HIPAA, GDPR, and many more. Each criteria shows progress statistics on three main attributes for compliance readiness: Controls, Evidence and Policies. They are divided into different criteria for the selected standard.

For example, considering SOC 2 standard

1. Go to “Audits”.
2. Select “SOC 2”.
3. Scroll to “SOC 2 Criteria Readiness” section.
   The following screenshot shows the SOC 2 Criteria Readiness section with SOC 2 Criteria to the left-hand side and it’s attributes namely Controls, Evidence, Policies along with the progress statistics.
   

Criteria Readiness Details:

Select specific criteria shown under “Criteria Readiness” section of SOC 2 to view more information. The page will show more details regarding the controls and policies adhered to meet these criteria.

1. At the top of the page, more information about the Control Status, Evidence Status, Task Status, and Policy status, of the selected criteria is displayed.
2. A list of information about all of your controls mapped to the selected criteria is displayed.
3. Any controls or policies that are completely satisfied and require no additional work are highlighted in green on this page.
   The following screenshot shows criteria readiness details for ‘Control Environment’ criteria of SOC 2.
   

Step by step guide to using the Audit Dashboard:

1. On the Audit Dashboard page, the Overall Readiness graph is shown for the particular selected standard.
   Your overall readiness is comprised of three key performance indicators:
   1. Controls readiness: The green section shows how many controls are passing. The red section shows controls that are failing. The yellow section shows controls that are not tested. And the orange section indicates any planned controls.
   2. Evidence readiness: The green section shows controls with due or up-to-date evidence. The orange section shows controls with missing or outdated evidence.
   3. Policy readiness: The green section shows policies you’ve approved. The orange section shows policies that are pending your approval.
2. A Criteria Readiness report is displayed below the graph. This report shows progress statistics on the same three key performance indicators: Control, Evidence, and Policies. They are divided into different criteria for the selected standard.
3. Select specific criteria to view more information. The page will show more details regarding the controls and policies adhered to meet these criteria.
   1. At the top of the page, more information about the control status, evidence status, task status, and policy status of the selected criteria is displayed.
   2. A list of information about all of your controls mapped to the selected criteria is displayed.
   3. Any controls or policies that are completely satisfied and require no additional work are highlighted in green on this page.
4. Under the “Controls” section, the right side of the screen shows “Related Tasks”. Click on the “View Tasks” button to view all of the tasks that need to be completed to satisfy the control.
5. Under the “Policy” section,the right side of the screen shows “Related Tasks”. Click on the “View Tasks” button to view all of the tasks that need to be completed to satisfy the policy.
6. To switch to other criteria, use the drop-down menu in the top-right corner of the page to switch to other criteria without going back to the previous page.
   The following screenshot shows how to switch to other criteria without going back to the previous page.
   

Self Service Audit Management

Once you meet the audit thresholds set forth in the table above, you are ready to kick off your audit by using the self-service audit functionality available in the top-right corner of the dashboard.

1. Go to “Audits” in TrustOps.
2. Select the standard you want to start with the audit using self-service audit functionality.
   The following screenshot shows the self service audit management from Audit Dashboard.
   
3. Click on the “Create Audit” button.
4. Select your audit’s “Start date” and expected end date as “Target Date”.
   
5. Invite the auditors. Once you add or invite auditors, the auditors receive ‘auditor access’ in order to view the program.
   
6. Click on “Close” to close the “Add/ Invite Auditors” window.
7. Click on the “Create Audit” button.

Audit Progress

In TrustOps, for each standard, audit is marked as “Completed”, “Not Started” or “In Progress”.

1. For the Audit where the progress is marked as “Completed“, there are no action items. You can start a new audit by clicking on the “Contact Support” link provided.
   The following screenshot shows the SOC 2 standard audit which is completed along with the date of completion.
2. For the audit where progress is marked as “Not Started“, you can start your audit with the help of self service audit management by clicking on “Create Audit” button.
   The following screenshot shows the NIST SP 800-171 standard audit which is not yet started.
3. For the audit where progress is marked as “In Progress“, you can manage auditor access, invite new auditors or mark your audit as complete.
   The following screenshot shows the actions you can take when the audit is “In Progress”. 
   
   1. Manage Auditors:
      You can manage auditor access by clicking on “Manage Auditors” from the “Actions” dropdown.
      The following screenshot shows how to manage access for current auditors.
      
   2. Add New Auditors:
      You can add or invite new auditors by clicking on “Add New Auditors” from the “Actions” dropdown. It also gives you information about any pending invites.
      The following screenshot shows how you can add or invite new auditors.
      
      
   3. Complete Audit:
      You can complete the audit by clicking on “Complete Audit” from the “Actions” dropdown. Confirm this action by clicking on the “Yes, the audit is complete” button. This will mark your audit as “Completed”.
      

Bulk Export Audit Evidence

A key part of an audit is providing your auditor with evidence for controls, systems, policies, etc. With TrustOps, a dedicated audit management product, AuditLens, is provided, enabling auditors to complete their entire audit using the product itself. TrustOps also offers a bulk export of all the evidence by contacting the support team.

Here is a step-by-step video on how to use Audit Dashboard and how to best leverage it