Baselines

The Baseline object type represents a template of library requirements. It is self-contained, which means folders are created for each Baseline. Baselines in the Library represent elements of the IT operating environment and are linked to the Requirements for that type of element. The Baseline object is copied from the library to the business hierarchy, an association is made to a Requirement in the library, and Risk, Control, and Test object types are created as child objects of the Baseline object. The Risk, Control, and Test objects are populated with data from the Requirement.

For example, a Baseline object can represent a collection of Requirement objects for a data center with Personally Identifiable Information (PII) and a Confidential Data classification. For each Requirement object, set up a best practice to define what to control (Risk object) and how to control it (Control object). You can also establish a practice for verifying the effectiveness of the Control (Test object).

Typically, Baseline objects are created in the library as a starting point. The content of a Baseline object is later modified to conform to a specific operating environment, and assessments for this content are performed against the actual operating environment.

You add a Baseline object via the Add a Baseline link on a Control Plan's task view. The Baseline object is copied from the library to the business hierarchy, an association is made to a Requirement in the library, and Risk, Control, and Test object types are created as child objects of the Baseline object. The Risk, Control, and Test objects are populated with appropriate data from the Requirement.

From the Task View of a Baseline object, you can associate parent objects, attach files or links, and edit fields.

To see a history of changes, go to the Activity tab for the object.