Creating Compliance Assessments in CAT
This guide describes the steps a user follows to create a Compliance Assessment in CAT. Right now, the CAT Service supports assessments of PID Policy, but this can easily be extended to other types of policies in the future. In our example, we describe the steps for an assessment that complies with the standards for the specific role of PID Scheme.
Step 1: Select type of Assessment
As a first step, the user specifies the type of the assessment by selecting the Organisation on behalf of which they submit the assessment, and defines the standards the Assessment should comply with by selecting the Actor role. The type of the Assessment can be selected only if a corresponding validation request has already been approved by the CAT administrators.
Step 2: Fill General Info
As a second step, the user should provide:
- General information, such as the name of the Assessment and its type (right now the type is pre-filled, as the CAT Service supports only PID policy).
- Submitter information: this is pre-filled information, extracted from the validation request that supports the assessment.
- Subject information, such as the Subject ID, Subject Name and Subject Type. The user can fill in these fields on the fly or select from a list of already defined subjects. Subject ID is a unique identifier for the current subject: this can be a URL, a string representing the service or organisation being assessed, or the PID of a resource owned by the user. Subject Name is the name of the subject of the assessment as identified above. Subject Type is the type of object (such as a web resource identified by the owner) or service provided by an authority, provider, or manager, for which the assessment will be completed.
- Rights, licence and Re-Use information, defining whether the assessment will be private or public. If the user is not yet ready to share an assessment result, or it is being done for internal purposes only, they can keep it set to ‘private’. Only the results of ‘public’ assessments are visible to others.
At this step the user can click on the Create button and create an unfinished assessment, with unknown compliance, that will be completed later.
Step 3: Fill Assessment Criteria
The user should fill in each criterion defined by the type of the Assessment.
If the inserted test value complies with the benchmark, the criterion is considered successful; otherwise it fails. The user can also add evidence to support their declaration of test values.
Test values are accumulated and decide the success of the criterion.
The user is able to view, per criterion, how many tests pass or fail. The user can also view how many mandatory criteria pass or fail, the ranking of the assessment, and whether the assessment complies.
The user can view the principle's description by hovering over the (i) icon, as in the following image.
Guidelines and best practices are also provided to support each test and to help the user decide on actions in order to comply with the required standards. The user can view the guidelines that accompany the test by clicking on the question mark icon (?), as in the following image.
The user can create the assessment, or save it if already created, by clicking on the Create button. At any step of filling in the criteria, the user can create or save the results. As long as information is missing, the compliance state is considered unknown; once the user has filled in the criteria, the compliance state is considered pass or fail.