Creating an assessment program

Edit online

Use the Assessment component of IBM Data Risk Manager to create an assessment program for the assessment.

Before you begin

Ensure that necessary assessment frameworks are created in Framework Builder to meet your requirements. For more information about Framework Builder, see Framework Builder.

Procedure

  1. Log on to IBM Data Risk Manager Application Suite (https://<IDRM-Server-IP-Address>:8443/albatross/a3suite).
  2. Click the application menu icon Application navigation icon.
  3. Click Assessment.
  4. On the Assessment page, select a program from Program list. Scope and boundaries for the assessment is established as a program that is based on various factors such as business units, platforms, users, and roles.
  5. In the Assessment Program List section, click the Create Assessment Program icon Create assessment icon.
  6. On the Create Assessment Program page, set the following options, and click Create Assessment Program.
    Option Description
    Can be Shared Select to share or reuse the responses of this assessment program with other assessments.
    Name Name of the assessment.
    Framework Framework to be used for the assessment. The frameworks that are crated in Framework Builder are available for the selection.
    Entity List of entities or domain names for Non-PRA-based assessments.

    Select business entities or domain names to define scope of the non-PRA-based assessments. Assessment scoping ensures that the necessary data is collected in effective and efficient manner for risk evaluation.
    Start Date, Duration, Unit
    Start Date
    Assessment start date.
    Duration
    Assessment duration.
    Unit
    Unit of measure, for example, Day, Week, or Month.
    Description Description of the assessment.
    Objectives Purpose and goal of the assessment.
    Department Department name of your organization where the assessment program is being performed.
    Line of Business Line of business that is associated with the assessment.
    Security Classification Security classification of the information asset.
    Global Risk ID Global risk identification number that is mapped to relevant service offerings.

What to do next

Create an assessment. For the steps on how to create an assessment, see Creating an assessment for GDPR framework and Creating an assessment for non-GDPR framework.