Skip to main content

2. Information security mandate action plan governance process

In this article you will learn how to manage an action plan governance process and an action plan assessment.

Managing an action plan governance process

The 'Pilot-admin' role is required to create, update or close an action plan governance process.

Creating an action plan governance process

From the QuartzGOV homepage, click on the settings button on the top right of the screen to open the settings menu. From this screen you can select the 'Governance processes' option and click on the 'new' button.

Accessing the governance process creation screen

image.png
info

The following articles also refer to the Governance Processes screen:

Governance Mandate 2. Governance mandate action plan process

Master and Key Controls 2. ARIC process management

Oversight, Audit and Tracking 2. Audit action plan governance process 3. Audit email tracking

Risk Management 1. Risks

The governance process creation screen will appear. On this screen you can:

  • Select 'Action plan tracking' from the 'type' drop-down list;
  • Select 'Information security mandate' from the 'business unit' drop-down list;
  • Select the fiscal year you want from the 'Fiscal year' drop-down list;
  • Add the name of the action plan governance process;
  • Select start, end date, and deadline;
  • And, click on the 'create' button.

Action plan governance process creation screen

image.png
warning

It is not possible to create a new action plan governance process while one is already open.

Updating an action plan governance process

From the settings menu, click on the 'governance processes' button to display the governance process list. Open 'Action plans tracking - information security mandate' and click on the 'edit' button in order to open the edit screen. You can edit the field you want update.

Action plan governance process update screen

image.png

Closing an action plan governance process

From the QuartzGOV homepage, click on the 'Action plans progress tracking | Information security mandate' link under the field with your name in order to open the action plans assessment screen. From this screen, click on the 'close process' button on the top right of the screen.

Action plans assessment main screen

image.png
warning

All action plans must be completed in order to be able to close the process.

You can click on the 'validate' button in order to see the action plans that remain to be completed.

Managing PBI/CR/DS validation and action plans assessment

The 'Pilot-GrpBusinessUnit-Information securityMandate' role is required to manage action plans and deliverables assessment.

Inviting an action plan owner to perform their assessment.

From the QuartzGOV homepage, click on the 'Action plans progress tracking | Information security mandate' link under the field with your name in order to open the action plans assessment screen.

info

Action plans owners or delegates that have not started their assessment appear with the 'not started' status.

To invite someone, click on the card with their name and click on the 'send reminder' button. The person will receive a notification on QuartzGOV and an email invitation with a link to go to his action plan assessment screen.

Inviting action plan owners or delegates

image.png

Accessing your assessment dashboard

You can access your action plan assessment dashboard from the application or from your email address if you have received an invitation email.

Accessing the dashboard from QuartzGOV

From the QuartzGOV homepage, click on the 'Action plans progress tracking | Information security mandate' link under the field with your name in order to open the action plans assessment screen. from tis screen you can click on the card with your name and click on the 'Review action plans' button in order to open your assessment dashboard.

Accessing the dashboard from your email address

Click on the invitation link from your email.

Email invitation template image.png

Performing PBI/CR/DS validation and action plans assessment

warning

The process is to provide a status for PBI/CR/DS validation before evaluating the related action plan.

From your action plans assessment dashboard:

  • You can view all details about action plan by clicking on the ' view details' button;
  • You can see all actions plan linked to the mandate in the summary on the left of the screen;
  • You can add a comment action plan assessment with the 'Edit comment' button;
  • You can click on the 'Lock assessment and start review' to start the PBI/CR/DS validation assessment;
  • You can click on a status to provide a status to each deliverable;
  • And you can click on the 'action plan' button to go to the action plan assessment.

Then you can perform the same actions for the action plan assessment.

Action plan assessment dashboard

image.png
warning

Users with the 'Pilot-GrpBusinessUnit-Information securityMandate' role can assess everyone's action plans.

Perform an action plan and PBI/CR/DS validation review

warning

Once the assessment is done, it must be reviewed by another user with the 'Pilot-GrpBusinessUnit-Information securityMandate' role

From the action plan assessment main screen, click on the 'review assessment' button on a card with the 'pending review status' in order to display the action plan dashboard with the evaluation:

  • You can add comment with the 'edit comment' button;
  • You can click on the 'change review' to modify assessment if needed;
  • And, If you agree with the evaluation, click on the 'review and continue' button to completed the review.

Once all action plans are reviewed, the card appears as 'completed'.