Requests

Overview

The Requests component is an important element of the Audit Center module, designed to help organizations manage information and action requests during the audit process. This component provides a structured approach to requesting, tracking, and fulfilling information needs and action items that arise during security audits and assessments.

Effective request management is essential for conducting thorough audits, gathering necessary evidence, and ensuring that all stakeholders contribute appropriately to the audit process. The Requests component integrates with other elements of the Audit Center and the broader Risk & Compliance Suite to provide a comprehensive framework for audit management and compliance.

Key Features

Request Creation and Management

• Structured Requests - Create detailed, specific requests for information or action

• Request Categories - Classify requests by type, priority, and related audit area

• Request Templates - Use standardized formats for common request types

• Bulk Request Creation - Generate multiple related requests simultaneously

• Request Tracking - Monitor the status and progress of each request

Request Assignment

• Recipient Designation - Assign requests to specific individuals or teams

• Due Date Management - Set and monitor deadlines for request fulfillment

• Notification System - Alert recipients about new requests and approaching deadlines

• Escalation Procedures - Address delayed or unfulfilled requests

• Reassignment Capabilities - Transfer requests to different recipients when needed

Request Fulfillment

• Response Documentation - Record and organize responses to requests

• Evidence Attachment - Link supporting documentation to request responses

• Response Review - Evaluate the completeness and quality of responses

• Follow-up Management - Track additional information needs or clarifications

• Closure Process - Finalize and document completed requests

Request Reporting

• Request Status Reports - Track fulfillment progress across all requests

• Overdue Requests - Identify requests past their fulfillment deadline

• Request by Recipient - Requests grouped by assigned individuals or teams

• Request Trends - Patterns in request creation and completion

• Audit-Specific Reports - Request status for specific audit activities

Getting Started

Accessing the Requests Component

1. Log in to your AskInfosec account

2. Navigate to the main dashboard

3. Select "Audit Center" from the main navigation menu

4. Click on "Requests" in the submenu

5. You will be directed to the Requests Management dashboard

Requests Management Dashboard

The Requests Management dashboard provides an overview of your organization's audit requests, including:

• Request Summary - Total requests by status and priority

• Recent Requests - Latest requests created or updated

• Overdue Requests - Requests past their fulfillment deadline

• Request by Recipient - Requests grouped by assigned individuals

• Request Trends - Patterns in request creation and completion

Managing Requests

Creating a New Request

To create a request for information or action:

1. From the Requests Management dashboard, click the "New Request" button

2. Enter basic request information:

   • Request Name

   • Description

   • Priority (High, Medium, Low)

   • Related Audit

   • Assigned To

   • Due Date

3. Add detailed information:

   • Specific information or action needed

   • Format requirements for responses

   • Reference materials or context

   • Success criteria for fulfillment

4. Click "Create" to add the request

5. You will be directed to the request details page for further documentation

Request Details

The request details page contains comprehensive information about a specific request:

1. Basic Information - Name, description, priority, and due date

2. Assignment - Individuals responsible for fulfilling the request

3. Status - Current state of the request fulfillment process

4. Related Items - Associated audits, findings, and corrective actions

5. Attachments - Supporting documentation and evidence

6. Comments - Discussion and updates related to the request

Creating a Request from an Audit

To create a request directly from an audit:

1. Navigate to the audit details page

2. Click "New Request"

3. Enter the request details as described above

4. The request will be automatically linked to the audit

5. Save the request

Request Assignment

To designate responsibility for fulfilling a request:

1. Navigate to the request details page

2. In the Assignment section, select:

   • Primary recipient (responsible for overall fulfillment)

   • Additional stakeholders (contributing to fulfillment)

   • Reviewer (verifies completeness)

3. Set or update the due date

4. Save the assignment information

5. The system will notify assigned individuals

Request Status Management

Requests typically follow this lifecycle:

1. Open - Initially created, not yet addressed

2. In Progress - Fulfillment activities have begun

3. Pending Review - Response provided, awaiting verification

4. Closed - Verified as fulfilled

5. Cancelled - No longer needed or applicable

To update a request's status:

1. Navigate to the request details page

2. Click "Update Status"

3. Select the new status

4. Provide comments explaining the status change

5. Upload supporting documentation if applicable

6. Save the status update

Request Fulfillment

Responding to Requests

To provide information or document actions in response to a request:

1. Navigate to the request details page

2. In the Response section, document:

   • Information provided

   • Actions taken

   • Explanations or context

   • Limitations or constraints

3. Save the response information

4. Update the request status as appropriate

Providing Evidence

To attach supporting documentation to a request response:

1. Navigate to the request details page

2. Select the "Attachments" tab

3. Click "Add Attachment"

4. Choose the attachment type:

   • Document upload

   • Screenshot

   • Link to existing document

   • External reference

5. Provide a description explaining how the attachment relates to the request

6. Upload or link the attachment

7. Save the attachment record

Request Review

To verify the completeness and quality of a request response:

1. Navigate to the request details page

2. Review the provided response and attachments

3. Determine if the request has been fully addressed

4. If complete, update the status to "Closed"

5. If incomplete, provide feedback and return to "In Progress"

6. Document the review process and decision

Request Integration

Linking Requests to Audits

Requests are typically created in the context of specific audits:

1. Navigate to the request details page

2. Select the "Audits" tab

3. Click "Link Audits"

4. Search for and select relevant audits

5. Save the associations

6. The request will appear in the related audits

Connecting Requests to Findings

To associate requests with audit findings:

1. Navigate to the request details page

2. Select the "Findings" tab

3. Click "Link Findings"

4. Search for and select relevant findings

5. Save the associations

6. The request will be visible in the finding details

Relating Requests to Corrective Actions

To connect requests with corrective actions:

1. Navigate to the request details page

2. Select the "Corrective Actions" tab

3. Click "Link Corrective Actions"

4. Search for and select relevant actions

5. Save the associations

6. The request will appear in the corrective action details

Request Reporting

Standard Reports

The system provides several standard request reports:

1. Request Register - Complete inventory of all requests

2. Request Status Report - Overview of fulfillment progress

3. Overdue Requests - Requests past their target completion date

4. Requests by Recipient - Requests grouped by assigned individuals

5. Audit-Specific Requests - Requests related to specific audit activities

Custom Reports

To create a custom request report:

1. Navigate to the Reports section

2. Click "Create Custom Report"

3. Select report type (Requests)

4. Choose filtering and grouping options

5. Select display columns and sorting

6. Generate the report

7. Export to PDF, Excel, or CSV format

Best Practices

Request Creation

• Be specific - Clearly define what information or action is needed

• Provide context - Explain why the request is important

• Set realistic deadlines - Allow adequate time for fulfillment

• Include references - Link to relevant standards or requirements

• Define success criteria - Establish how fulfillment will be measured

Request Assignment

• Choose appropriate recipients - Assign to individuals with relevant knowledge

• Consider workload - Avoid overloading specific individuals

• Clarify expectations - Ensure recipients understand what's required

• Establish priorities - Identify high-priority requests that need immediate attention

• Provide support - Offer assistance to help recipients fulfill requests

Request Fulfillment

• Be thorough - Provide complete information or documentation

• Respond promptly - Address requests within the specified timeframe

• Organize responses - Structure information in a clear, logical manner

• Include evidence - Attach supporting documentation when applicable

• Ask questions - Seek clarification if the request is unclear

Request Review

• Be objective - Evaluate responses based on the original requirements

• Provide feedback - Explain why responses are accepted or rejected

• Document decisions - Record the rationale for request closure

• Follow up - Ensure incomplete requests are addressed

• Learn from patterns - Identify common issues in request fulfillment

Troubleshooting

Common Issues

• Vague requests - Clarify unclear or ambiguous requests

• Missed deadlines - Follow up on overdue requests

• Incomplete responses - Provide feedback on what's missing

• Incorrect assignments - Reassign requests to appropriate recipients

• Duplicate requests - Consolidate similar or redundant requests

Getting Support

If you encounter issues with the Requests component:

1. Check the in-app help documentation

2. Contact your organization's system administrator

3. Submit a support ticket through the AskInfosec support portal

Conclusion

Effective request management is essential for conducting thorough audits, gathering necessary evidence, and ensuring that all stakeholders contribute appropriately to the audit process. The Requests component provides the tools and structure needed to create, track, and fulfill information and action requests in a consistent, comprehensive manner.

By following the processes outlined in this guide, you can establish a robust request management program that helps your organization conduct efficient audits, gather necessary evidence, and ensure appropriate stakeholder involvement in the audit process.