Evidence of Compliance Integration
By importing Evidence of Compliance data from other Kaseya IT Complete Modules, you can reduce the time spent collecting data to address compliance controls. The more IT Complete Modules you use, the more evidence of compliance you can incorporate as supporting data as you complete your compliance assessments. Here is a list of the supported Evidence of Compliance modules:
|Evidence of Compliance Integrations
|Datto Backup for Microsoft Azure
|Dark Web ID
This topic covers how to enable the Evidence of Compliance integration for your Compliance Manager GRC assessment.
Step 1 — Enable KaseyaOne Single Sign On for RapidFire Tools Portal and Supporting Modules
Before you can import evidence of compliance from other IT Complete modules, you must first enable KaseyaOne Single Sign-On for the RapidFire Tools Portal. See Enable Log In with KaseyaOne
In addition, you must enable KaseyaOne Single Sign-On for each of the IT Complete modules from which you wish to import evidence of compliance. For example, for BullPhish ID, see Enabling KaseyaOne Unified Login for your BullPhish ID Organization.
Once you enable KaseyaOne Single Sign-On for the RapidFire Tools Portal and for the supporting IT Complete modules, evidence of compliance data can be shared with Compliance Manager GRC. This data is updated on a nightly basis.
Step 2 — Set Up Organization Mapping from Global Settings
NOTE To set up Organization Mapping from Global Settings, you must be a global Master or Admin user in the RapidFire Tools Portal.
Next, you will map your RapidFire Tools Organizations and Sites to their appropriate counterparts in the other IT Complete modules. This will ensure that you import evidence of compliance for your assessment from the correct organization in the supporting IT Complete module. To do this:
- From the RapidFire Tools Portal, navigate to Global Settings > IT Complete > Organization Mapping.
- First, you can optionally Enable Auto-Mapping. Organizations from other IT Complete modules will be auto-mapped to RapidFire Tools Organizations and Compliance Manager GRC Sites with the same name.
- Alternatively, you can manually configure the mappings. To get the latest organization data for other IT Complete modules, click Sync on the right page.
- Then, find the RapidFire Tools Organization/Site where you want to assign a mapping. From the IT Complete module column, click Not mapped to open the available mapping options. Select the Organization or Site (also called "sub-organization") for the IT Complete module from the drop-down menu. Your RapidFire Tools Organization will then be mapped to the Organization for the IT Complete module.
- Once you have finished assigning mappings between your RapidFire Tools Organizations/Sites and the other IT Complete modules, click Save.
NOTE You must have enabled KaseyaOne Single Sign-On in order to see Organization Mapping.
Step 3 — Import Data from IT Complete Modules
Next, import evidence of compliance data from the IT Complete Modules into your Compliance Manager GRC assessment.
- From your Compliance Manager GRC site, navigate to Data Collection > IT Complete Modules.
- Click Import from the right page.
- Select the IT Complete Modules for which you want to import evidence of compliance. Then click Import.
- The evidence of compliance data will appear in the table.
Step 4 — Add Evidence of Compliance to your Assessment
Next, as you complete your Rapid Baseline, Controls, and/or Requirements Assessment, you can review evidence of compliance as you answer assessment questions. Evidence of compliance will automatically be mapped to the relevant controls. You can also consult evidence of compliance where it is not automatically attached. Here's how this works:
- From your assessment, you can see the Evidence of Compliance drop-down from Resources.
- Click Add Evidence. Select the IT Complete Modules where you have evidence of compliance relevant to the survey question. Then click Add.
- The evidence of compliance will appear under Resources.
- From the Evidence of Compliance drop-down, select an IT Complete Module you have added as evidence of compliance and click View Evidence.
- From the modal you can review evidence of compliance metrics. Use this data to determine your response to the assessment question. For example, you can determine whether a control is addressed or not based on the evidence of compliance.
Step 5 — Review Evidence of Compliance
When you import Evidence of Compliance from Data Collection > IT Complete Modules, that evidence will appear in Results & Evidence > Files / Exhibits. Below you can see an example of BullPhish ID Security Awareness Training supporting evidence.
You can use this documentation as evidence that you have implemented security controls that meet the requirements of your chosen assessment standards.