August '24 Store Release What’s new in Compliance and Audit Management
All right everybody, thank you for joining. I'll go ahead and get started as people continue to file in. You know, very happy to have you here. Good morning, good afternoon and good evening, depending on where you are in the world or when you're watching this, live or on demand. I'm very excited today to talk about some of our most interesting and exciting applications in the integrated risk management product portfolio: policy and compliance and audit management. We've got an amazing group
of colleagues of mine that are going to talk you through the newest enhancements that we have just released in the ServiceNow Store, and they're going to do some live demos, so make sure you stick around for the entire hour, because I'm sure we're going to take an hour. But before we get started I want to do a little bit of housekeeping. You are on mute. If you've joined us before, you know that we really want you to ask questions. We love interactive sessions; we want to make sure that you get your questions answered, the things that you're thinking of, because if you're thinking of it someone else probably is also. So please use the Q&A feature at the bottom to ask your questions. I will, in the chat, put the link to the recording. This is being recorded, and within 48 hours it will be up on our GR YouTube playlist, so if you can't stay for the whole time, or if you've got colleagues of your own that aren't able to make it, they can view it later on demand.

We have got exciting news for the new release of all these incredible enhancements on the ServiceNow Store. We've been doing a series of webinars over the course of the last couple of weeks. If you missed them, again, you can catch them on demand on the YouTube playlist. But we started a couple weeks ago with business continuity management, followed up with risk management, that was an incredible session, then third party management. Earlier this week we talked to draw about continuous authorization and monitoring. Today we're excited to talk about compliance and audit management, going through a list of features that I actually couldn't fit all on one little slide here. And then next week please join us again as we talk about compliance case management and regulatory change management, and we finish up our series with our privacy management product. So with that I am going to turn it over to Anush, who's going to introduce herself and tell us a little bit about, you know, more detail, all the features
that we're going to talk about today.

Thanks, Raa. Hi everyone, good morning, good evening, good afternoon. Welcome to the webinar. I'm very excited to talk about the features that we are releasing in Xanadu. Let me go ahead and share my screen and go through the exciting features that we are releasing.

So the first one, that is already in our store, is the Cyber Security Executive Dashboard, which is the single pane of glass for personas like the CISO to view cyber security and risk metrics in a single dashboard. We're going to cover that in a bit and we'll also do the demo.

The next feature that we are releasing is the enhanced user experience for control attestations. This is something that we all have been waiting for. It's a new assessment engine that can now be used by everyone for the control attestations. It has an enhanced user experience and different capabilities that will enhance your experience much more.

The third feature is support for Cyber Risk Institute profile content. The Cyber Risk Institute framework, which is the CRI profile framework, is a framework which is specially developed for financial organizations. We are providing content which includes authority documents, citations and control objectives which are based on the CSF 2.0, and we're also providing CRI assessments as part of this particular content, which, when performed and completed by a financial organization, will determine your compliance posture, and it'll also give you mapping between the Cyber Risk profile and other financial regulations like FFIEC and many more, so you can test once and comply with many. As part of this accelerator we are also providing content for NIST CSF 2.0, which will come as part of our NIST CSF 2.0 accelerator, so this content will be available and it is mapped back to the CRI content as well.

And finally we are providing a few enhancements on our existing capabilities. One is for cloud
document or workpaper management, which we released in Washington for OneDrive. Now we will be supporting SharePoint, and we are also supporting a few more features like upload local files to cloud in a configurable folder location. Along with that we are also supporting SharePoint for our policy authoring, so now you can use SharePoint to perform your redlining and author your policy.

With that I'm going to move on to our first feature, which is the Cyber Security Executive Dashboard. The persona that I'm going to introduce here is Karen, who's the chief information security officer, and the problem that we are trying to solve here is: as a CISO you don't have one single place to view your cyber security metrics, which relate to your security, risk and compliance, and there's no single operational dashboard which can be used by CISOs to take quick actions or follow up on all these different activities. So the solution that we're introducing is a Cyber Security Executive Dashboard, which is a single pane of glass with various metrics from security, such as security incidents, one vulnerabilities, operational technology, and we also have risk and compliance, third party risk and privacy metrics in the same dashboard. This is an operational dashboard, so you can track your quarterly goals to improve security and risk posture. You can also perform peer benchmarking to understand where you are with respect to your peers and with respect to your industry.

So, a quick overview of this dashboard. This dashboard will allow you to set targets on key metrics, and you'll be able to track the status of the targets that you have set up. This dashboard also will provide you single scores indicating the organization's security, compliance and respons. There will be drill-downs available which will provide you details of the breakdown of the scores contributing to different factors. It'll also provide you insights, or a quick overview of what are the various movements have
on the metrics. We also have key postures and operational metrics on IT and OT vulnerability, security incidents and employee readiness, and we have key posture and operational metrics for risk and compliance, privacy, business continuity management when it comes to crisis and events, and disaster recovery, third party risk and audit. So with that I am going to switch quickly to the demo and show you what we have.

Wonderful, Andry. While you're doing that, we've got a question about whether or not there's additional license required for the cyber security dashboard. That's a question.

So there is a licensing requirement. We are providing this dashboard as part of one of the Pro SKUs. So if you have an IRM Pro but you have, let's say, SIR or security incident standard or vulnerability standard SKU, you would still be able to install and use this dashboard. If you have one of the Pro SKUs from Seas, let's say if you have security incident or vulnerability Pro SKU, you can use and see this dashboard even with IRM standard. So one of the SKUs has to be Pro, the others can be standard, and you'll be able to leverage this dashboard.

All right, so here is what you see on the Cyber Security Executive Dashboard. We have the overview, and on the overview you see different reports here. The first one talks about the security score, which is an aggregate score of the various metrics rolling up. So the score is calculated based on your vulnerability and security incident scores, and the overall score is shown here. You can click into it and see the details of the breakdown, to see how the score is being calculated and what is contributing to the score. So you can see vulnerabilities related to OT, application, security incident, major security incident rolling up to this score. Then you have insights, which tells you quick insights of what is happening, so you can see three critical incidents in the last day, one major security incident pending to take action, and these insights will
dynamically show based on the metrics below. There's a compliance score related report, which tells you the compliance score percentage and trend of the compliance score. You can also have a breakdown to understand what is contributing to the score, so you can see the compliance by authority documents, what are the different authority documents by their compliance score, any high priority issues, exceptions, compliance cases. Similarly you can see the policies as well, with all the details around it, and the overdue issue aging chart, so you'd be able to see what are the overdue issues, if they are closed or not, and what is contributing to the compliance score overall.

Similarly you would see the risk report as well, which will give you the breakdown of the risk statements and related information. So if I click into it, it'll give me the breakdown of the risk by risk rating, the level of risk statement, risk appetite, any issues, overdue risk response tasks and the KRI breaches, and you can see the reports of the overdue issues and overdue response tasks here.

And then at the bottom of this overview report you would be able to see business critical entities. You can pick and choose entities here and see the reports related to the entities. You can see the various scores associated with the entities. If I take an example of this particular entity here, which is related to the Asia business unit or legal business unit, I can drill down into this score to see more details around it. So I would be able to see what is my compliance score, what is my risk rating, what is my vulnerabilities score, security incidents as well, and this contributes to my overall score of this particular business unit. So you can go to the drill-down for each business unit, all business services, and see what's going on here.

Now at each report level you'll be able to see targets here, so if you click into it you can set the target for that particular
score. So in this case I have set the target as, let's say, 90%, and you can provide the review date as well, which was July 31st. Since we've not achieved 90, it is still 89, it is off track and it shows up here on the panel. So you can see the compliance percentage, which was a target of 90, but currently we are at 89. Similarly you can set the targets for security scores and other metrics as well. If you've opted for the benchmarking, you'll also be able to see the benchmarking related information here, which will show you how you are performing with respect to your peers and in your industry. With that I'm going to pass it on to Shiva, who's going to cover the vulnerabilities, incidents and employee readiness. What you

Thank you. Hi everyone, this is Sha. I'm going to cover the security operations side of the house on the Cyber Security Executive Dashboard. So we have three tabs allocated for security operations products, the first one being the vulnerability response, attack surface management product portfolio. So we have key metrics, both operational and posture related, showing up on the vulnerability tab here. So we have mean time to remediate. Again, when we say vulnerabilities, it covers vulnerabilities across all asset types, so host vulnerabilities, container vulnerabilities and application vulnerabilities. All the scores from each of these vulnerabilities, along with the misconfigurations that come in the configuration compliance application, so all of the scores for all these four products are rolled up into singular scores for you to monitor the operational and posture of the organization. So there is mean time to remediate, which is indicating the time being taken to remediate vulnerabilities and misconfigurations, and we also have scan coverage, which is an important posture metric which tells us what percentage of the
assets are being scanned for vulnerabilities and misconfigurations. We have an active critical and high findings trend to monitor how the vulnerabilities are being discovered in the environment. So these are the fin EV from the IT side. We have similar metrics on the OT, where we have critical and high vulnerability trends on the OT devices, along with the mean time to remediate vulnerabilities on the OT devices. If we drill down into any of these VES, like mean time to remediate on the IT side, the top one, yeah, you can see the details of the mean time to remediate metric itself, the trend of it, as well as you can get additional insights into some other key metrics which are related to the mean time to remediate. So there is average age of active vulnerabilities; there is a remediation efficiency, which says how soon you are remediating compared to how many detections are being found by the scanners; you also have average age of active vulnerabilities by each assignment group, so you can compare which is the best performing assignment group compared to others. Back. And as Anish mentioned earlier, we have benchmarks for some of the key metrics here. You could opt into these benchmarks and you could get visibility into your industry peers as well as the global peers in the ServiceNow customer base. This is an opt-in feature and the data is totally secure. We only collect aggregated scores, and we have more than 500 customers sharing this information for aggregation and benchmarking. You could set targets on the individual score metrics as well, and they will show up at the top of the dashboard for you to track on a regular basis.

The next tab is related to the security incident side of the house, security case management. So we show the number of major security incidents that are currently active, what is the average security incident resolution time. If we drill down into that
average security incident resolution time, the second one, we can see additional related metrics, like what is the average time to eradicate a security incident, what is the average time to identify security incidents, and the average time to contain the security incident. So we have a heat map of active incidents that are underway, by priority and category, so you could go and look at where exactly the number of security incidents is high and get an understanding of it.

And the last one, employee readiness. This is not specific to security operations, but this is an example of how you can integrate with other third party tools, could be security tools, could be risk tools as well. You can integrate with third party tools and bring in the key metrics from those third party tools and showcase them in the same dashboard without having to switch to a different dashboard or a different product. So this is an example that we provided out of the box. So this is phishing simulation metrics from KnowBe4. If you are aware, KnowBe4 is a phishing simulation tool with which you can run simulated phishing campaigns with the employees of the organization and see how many of them are clicking those phishing links, how many of them are opening them, how many of them are even downloading that attachment. So all of those key metrics about employee readiness or awareness about the phishing campaigns can be showcased in this subject. We have two out-of-the-box integrations, one with KnowBe4 and one with the Microsoft Defender Office 365, to showcase this metric. But this is just an example of what you can do with third party tools. You can bring in any other third party metrics and surface them on the dashboard. Back to you.

Thank you. And the last tab you see here is risk and compliance, where you'll be able to see various metrics related to compliance and risk and other domains as well. So you can
see the compliance posture here, which you've seen before, the risk posture as well, and you can also set and use a functional domain capability that we have to tag various data in your system, to specifically call out that this is a cyber security and risk related control or a risk statement, and only that data could be filtered and shown here on this dashboard. So that capability is available. You can set and use the existing functional domain, which is IT risk and compliance, or a new one which we introduced, and filter out the data accordingly. There's a setting which can let you select the functional domain by default, so your dashboard will be reflected with the right data.

Going down here you'll be able to see the privacy compliance posture, which is a trend of the privacy compliance score, how it's trending over time. The privacy risk heat map: you can filter by inherent and residual score and the heat map will reflect accordingly. Below you can see the ongoing crisis events, so it shows the ongoing crisis events and the assets by recovery status, so you'll be able to see how many assets have been recovered, not recovered, and the tasks by status, so how many tasks have been closed out or are still open; it can track them as well. And then you can see the third party risk posture, so you'll be able to see all your third parties by the industry and the risk rating. You can also see the risk tier and the risk intelligence rating. If you have integration with external third party tools like BitSight, SecurityScorecard and other tools, you'd be able to start seeing the risk intelligence rating here, and then finally the overdue high priority issues. You can also filter the third parties by risk criteria, so if you want to just look at the third parties by security risk you'll be able to do that and it'll reflect on the dashboard here. So this gives you overall the third party related risk rating here as well. And then finally you can see the open and
upcoming audit engagements, so you are well aware of what are the upcoming audit engagements or ongoing audits going on, specifically for cyber security, if you have the right tagging done beforehand. And then you'll be able to see the type of the engagement as well as the engagement leaders, are there any high priority issues, engagement plan, plan and end dates, also the fieldwork completion, milestone progress, etc. So you'll be able to dig into more details here.

And this is the overview of all the various metrics, but if you want to get into more details on the risk and compliance, they're also providing a specific dashboard. So if you click on this particular link it will take you to this dashboard, which has various details on the various areas that we saw. So you can go to overview and look at all the dashboards here on the compliance posture, risk posture, the crisis events and the overview of what is happening. The compliance overview will give you the details on the authority documents and policies and the related metrics. You can go to the risk overview, which will give you details on the risk posture as well as the third party risk posture. The privacy overview is going to give you details on the privacy compliance posture and risk posture, and then the entity overview is going to give you details on entities, so you can select the entities by class and see what is happening, what is your risk rating, compliance score of the entities, what are the high priority issues if any, high-risk exceptions that are related to entities, and you can also see the names of the owners so you can follow up with the owners here. So this is the overview, and then finally you have the audit overview, where, similar to what we saw, you have upcoming and open audit engagements. So this is the overview of the Cyber Security Executive Dashboard. All the reports that you see on the dashboard are drillable, so you can get into more details by drilling down on the reports
and get more information around it. So.

Okay, fantastic. This is an amazing dashboard. We had a couple questions. I know they've been answered in chat, but I thought it might be useful to ask them live. The ServiceNow documentation provides a great deal of information about the Cyber Security Executive Dashboard. Are there any other places where customers should look for configuring it, or suggestions you might have for configurability?

Yeah, I think everything should be available on the documentation, so you should be able to get all the information, and this is configurable. It is based on the analytics capabilities, so you'd be able to edit and make changes if you want to, but all the information should be available on the documentation.

Wonderful. And then I noticed that, you know, we already had it answered, but Power BI: if other people are using Power BI, we can actually ingest metrics into ServiceNow via APIs and other mechanisms from Power BI, which is a pretty popular application. So, you know, it's fairly simple to ingest additional information, as you mentioned earlier, into the dashboard, to surface that for people that want to be able to see it.

Yes.

That's all the questions I have on the dashboard.

Awesome, thank you so much. So I'm going to switch over to the next feature, and that's the enhanced user experience for attestation. So we are leveraging the new assessment engine, which is introduced and available for everyone to use for attestations. You're still able to use the old attestation. There's a choice that you have, that you can select on the control objective, to either choose between old or new attestations. I am going to pass it over to Hari, who is going to take us over what are the different capabilities that you see in the new assessment engine and how it relates to attestation, and he'll be able to demo it to you. So over to you, Har.

Thank you, HRI. Hi everyone, really excited to be part of this webinar. I'm Hari and I
will be walking you through the new smart assessment engine, which is what Ani was referring to moments ago as the new and enhanced experience in the control attestation world. So without further ado, let us go ahead and quickly take a look at it. So there are two components that I'd like to talk about here: one is the Template Designer, and the second is the actual assessment itself. So let's take a quick look at both.

So where does one design assessment templates? When I say template, the Template Designer is where the user designs how the assessment should look, the questions it should carry, the way it should be organized. So where does one do it? Introducing the new assessment workspace. So you see the list of templates that have already been created. To create a new template we click on the new template button, we provide a name, so "test control attestation", we select the category and we hit create. You see various tabs that are listed here, so let me jump to the questions tab, which is where all the action takes place, and let's start off by adding a section. So let's call it "attestation", and I save, and I proceed to add a question. So as you can see here, you now have a buffet of options, providing the end user to go ahead and choose from this list of different kinds of questions. So let me go ahead and select a drop-down, since my question is going to be "is your control implemented", so it's a simple yes or no question. So I say "yes" as a choice and then "no" as another choice. Once you do that, you also have additional configurations that you can see, where I can make it required, which means it'll be presented as a required question for the assessor. I also have additional options like making the attachment or the justification mandatory, or I could also make this question conditionally visible. As I add more questions, I could make the questions conditionally visible based on the response of another question. So
you proceed to add the questions and hit publish, which means that the template is now ready for use to trigger the assessments. So yes, creating and publishing a template is as simple as it looks.

So let us now quickly navigate to the compliance workspace and take a look at some of the assessments that have been triggered. Now again, I'm already there in the right place, which is my tasks, and as you can see here I see all my pending attestations, which have already been triggered in the interest for this demo. And as an assessor I now have an option to take it individually, one by one, or I can choose to combine it. As you can see here, the combine button: I can choose to combine it and take them both together. Let's start by choosing one first.

All right, so this is the new interface for the assessments. You have a header that shows the assessment name and context, and you also have the navigation panel, where you have the sections listed out. In this case there is only one section, but if your assessment has multiple sections it will show them, and it also shows a nice progress bar, which means as and when I begin to answer the assessment, the progress is going to be immediately reflected. You also have a side panel which has got details, and it shows additional details about the control, so not just the name of the control that is being attested, but it also showcases description, entity details, if it's a key control, any classification. It shows quite a lot of other additions that are all configurable for you. In addition to that we also have the attachment and the comment section, where back and forth comments can be done or any related attachments can be attached. Right, so this is the center, the heart and soul of the assessment, where you proceed to answer the question, and once you answer it you have an option to submit it all. So it has a lock icon which kind of
explains that not all required questions have been answered, but once they have done, the submit will be enabled for you and you can choose to submit it. So that is your assessment experience, which has been leveraged for attestation. You can also view the combine: what we saw as an individual, we can also combine it. I proceed to do a combined attestation, because this is a nice utility which presents all the assessments in one single view, so that as an assessor I can reduce the number of clicks and I will be able to perform my assessments in one shot by combining it all and submitting it all together. The filling of the assessment is pretty much similar to the individual assessments that we just saw, but once you do it all you can do a bulk submit-all or a bulk reassign feature as well, if you choose to. So with that I pass it on to Anri, where she will now showcase to you how this framework has been leveraged for another use case.

So Har, before we switch over, I've got a couple questions. If someone built an assessment, would they be able to preview it somehow before they published it?

Yeah, that's a great question. So there are two things; I'll answer it in two ways. One is, we are trying to build the assessment in a what-you-see-is-what-you-get fashion, which means as and when you build it itself, you must have a feel of how it looks. But yes, the actual preview, the traditional preview method, is something that we are going to deliver in future releases. It's not available in Xanadu yet.

And does someone have to have Xanadu to be able to use the new assessment engine, or is it available in Washington also?

We do support n minus 2, which means that it is supported in Washington as well, the only exception being if your instance is domain separated, then you will need Xanadu. Otherwise you can use it from Washington itself.

Couple more questions. Can you have a
dependency of a question on another category?

Absolutely. I understand where this question is coming from; it's one of the limitations that is being asked. Yes, you can have a dependency belonging to another category. You can have dependency created on multiple questions as well, and not just one single question.

Okay, and then, this is a very popular feature, which is really nice, lots of questions. Can you save the attestation to be completed at a later time, or once you start it do you have to finish it?

Oh, my apologies for not covering that. So as you can see here, we have enabled autosave here, so as and when you proceed to answer it, the autosave will kick in and then it's going to save it. So there's no physical save button; the system is going to take care of it for you. So yes, you do not have to finish the assessment in one single sitting. You will be able to take n number of sittings that you want to before you submit.

Wonderful. And if the attestation is built for a common control, will the attestation result automatically create a cascade to related controls, or how does that work with the controls?

So attestation can be created for a control or a common control. Currently, when you attest a common control, the result of control status, which is compliant or non-compliant, is cascaded down to all the reliant entities. So that's how it works today and it'll continue working like that. You can take the attestation using the new assessment engine for the common control as well.

Wonderful. And then again a couple more questions. Thank you for the questions, keep the questions coming, we like them. There was an attachment that we saw on one of the attestations, and we've been adding additional features to be able to reuse these attestations for evidence and things like that, so can the attestation that has been added
the attachment that's been added to the attestation, is it reusable as evidence for an audit engagement?

Uh, repository of attachments, uh, it's not yet there, but we are tracking it for the future release. Uh, thanks for asking.

Okay, then the last question for right now: the scoring, is this new assessment, um, how does the scoring on the assessment engine work?

So the scoring is, interestingly, the scoring is what we are actively working on for the next release, so I will be happy to talk about that as well. But in Xanadu, uh, there is actually no scoring, uh, enabled, so it is going to be handled in the next release.

Okay, and then I guess now the final question. Um, can multiple people respond to the survey, the, or the assessment, for their individual sections?

Uh, so as of now we have enabled a reassign option, which means that once you finish it you can pass on the, uh, but or the assessment to the next person to answer it. But we understand the importance of collaboration, and once, uh, in fact collaboration and delegation as well, so which means multiple people being able to work on the same assessment simultaneously; that is also another future upcoming release which is there, which is there in the roadmap. But in Xanadu you have the capability of reassigning, so which means you'll have to pass it on, uh, finish your, uh, uh, finish, finish your area and then pass on to the next assessor to perform and submit.

Which is, which is still wonderful. I mean, you're still able to have multiple people answer the same question or attestation, which is, which is really the point here. Um, all right, An, I'm want to pass it over to you to continue going. I'll keep the questions coming and I'll, next section we'll, we'll get the rest of the questions answered.

Yeah, one last thing, since I see that question: yes, you will be able to use the assessment engine in Washington DC itself if, uh, unless if you want it to be domain separated, in which case you cannot. I hope that answers the question.

Perfect, thank you.

Awesome. So yeah, I see
lot of excitement, and I'm excited as well, because there's a rich roadmap for new assessment engine, and lot of the capabilities that, uh, everyone wants for attestation or any other type of assessment will be coming up soon. So to summarize what we saw right now: there is of course enhanced user experience on your, uh, new, uh, new assessment engine. You'll be able to, uh, perform your attestation using the new user experience, but if you want, if you wish to still continue using the old one, will still give you the choice to do that. Uh, there'll be additional reference information like control description, key controls, etc. for ATT respondent on the right-hand panel, and, uh, you can configure that, uh, as well, so there'll be more context to what you're testing to. You can, uh, provide justification and attach file to each question. You can easily respond to attestation at the same time by opening multiple attestations in one combined view, as har was showing, and submit all the assessments collectively with a single click. Uh, there are rich capabilities like autosave and, uh, others, so, and, and there are many more that are coming up.

All right, so with that we are going to move on to the next topic, which also uses the new assessment engine, so I'm going to demo what we've done here. So the Cyber Risk Institute accelerator, uh, which is, uh, in this case the persona that we are looking at as a cyber risk or compliance manager was responsible for their organization cyber compliance posture. In this case Tracy, uh, needs to ensure, the problem that she faces that she needs to ensure the organization is protected from cyber risk by com, uh, complying with all the regulations that are applicable to, uh, the, the, their financial organization. So she spends a lot of time, uh, and effort in implementing control from over 2,500 regulatory expectations that apply to her financial institute. So the problem that we are starting to solve is, uh, with the Cyber Risk Institute profile accelerator. This accelerator will provide the CRI profile
content, uh, the CRI profile, which is a common controls, um, accelerator which is based on the, the CSF 2.0. Uh, the common controls that are provided as part of the CRI profile map to over 2,500 financial regulatory expectations, and which makes easy for you to test once and comply with many. The CRI profile assessments, uh, which we provide as part of this accelerator, determines the cyber compliance posture of the organization, and it is performed based on the applicable tier of the organization. So if you're in tier one, which is more of a global financial, uh, organization, than tier 2, which is more, um, the country based or the state based, so there are two, one to four tiers. Uh, based on what tier you fall under, you can perform a specific CRI assessment and you can determine the compliance posture of your organization.

With that I'm going to quickly give you overview of what CRI is. So, uh, the Cyber Risk Institute is focused to collaborate with financial sectors and regulators, uh, to streamline the standardization across risk management, uh, using the financial sector consensus. So they do have a group of financial organization that are part of their consensus, uh, who provide them feedback and, uh, provide them, uh, feedback also on the content. They have come up with a CRI profile for better cyber compliance management. The CRI profile is based on the CSF 2.0. They have added their own control object, which are called as diagnostic statements, uh, and these diagnostic statements map to over 2,500 financial service regulatory references. So you can see the mapping of, and, uh, these diagnostic statements with the citations coming from various financial regulations, as you can see in this diagram on the right-hand side, including FFIEC, uh, European Central Bank, etc. It offers four tier of, uh, applicability for different institutional sizes. So based on your tiering assessment you can determine what tier you fall under and then perform your CRI assessment based on the tier. Based on the CRI assessment, the
compliance of that, uh, is reflected on all the controls that are related to these diagnostic statements, and it'll determine the compliance posture for your CRI profile and the related, uh, regulatory references or regulations and standards like FFIEC and others that you would have mapped. Um, these are all the CRI, current members of CRI, who contribute to this content, who provide the feedback very actively. They have a user group, um, and, and based on all the feedback, uh, uh, we've been working closely with CRI, uh, and to provide this capability out of, out of the box, to provide the assessment, so all the organizations can perform these assessments in, within ServiceNow.

So what we have as part of the content here is, we do have, as part of CRI profile, we have authority document, we have 38 citations that are mapped to control objectives, um, and citations coming from the CSF 2.0 and FFIEC CAT. You can see that CRI tiers, there's Tier 1, 2, 3 and four. Each tier has set of control objectives. Uh, tier one is 318, and tier 2, 3, 4 are subset of, uh, that tier one control objectives. So tier two will contain 311, 282 in tier 3 and 208 in tier 4. Based on your organization size you can perform the CRI assessment, which will, uh, map these control objectives accordingly. The CRI assessment or CRI profile is mapped with CSF 2.0, uh, where, where we provide one authority document, citations and control objectives from the CSF 2.0 that are mapped to CRI profile, and we also provide content for FFIEC CAT, uh, where we provide one authority document, 419 citations and 228, uh, citations mapped to CRI control objectives. Here is an example of how a CRI control or control objective can be mapped with the CSF and the FFIEC CAT. In this case I am taking an example of ID.AM-07.01, uh, citation from CRI profile, which is mapped on the CSF accelerate, on the CSF 2.0 control objective, which is ID.AM-07, and it is also mapped with FFIEC CAT citation, and you can see the citation example here. So this is how provide the mapping out of the box, and I will
quickly get into the demo and show you what we have.

And while you're moving into the demo, um, this is available in, in, um, Professional and Enterprise, correct?

Yes, yeah, this is part of IRM Professional and Enterprise SKUs. So here you can see the content that we provide out of the box. So you can see the content for CRI profile 2.0, you, you can see the content for FFIEC CAT and this CSF 2.0, so this is coming out of the box with this accelerator. Uh, I'm going to show you how CRI profile looks like. So this is an example of CRI profile, which is an authority document, and you have the citations under. Each, uh, each citation has the associated, uh, child citations or control objective. In this case you can see the control objective that is associated with this particular citation. If I dig into the control objective here, I would be able to see the various citations that are related to this control objective, and you can notice there are citations from FFIEC CAT, the citation from the CSF 2.0, that are mapped to the CRI profile control objective. So based on this mapping, when you test a CRI profile control objective, uh, automatically the compliance score will roll up on the FFIEC CAT as well as the CSF 2.0 respective citations, and you just need to once and automatically comply with various citations and regulations. Here we provide, uh, the FFIEC CAT out of the box, but if you have any content for other regulations you can also map it to the CRI profile.

I'm going to take an example of, uh, an entity where we going to perform the CRI assessment on. So here is an example of the tiering assessment that we have, uh, on this entity. So the tiering assessment is also provided out the box. You can go through different question, and you can see that this, uh, here is where we've used the new assessment engine. Um, these are the instructions of how you perform the tiering assessment and how the tiers are determined, uh, what are the different, uh, company or organization sizes we are looking at, uh, for tier one, tier two, tier
three. So if you go through the tiering assessment, and I'm going to choose, let's say, one of the qu, I'm going to answer one of the questions here, and, uh, once I do that I can go to the next section. Since I've answered the first, uh, question in the tier one section, the tier two and tier three questions are not, not applicable to me anymore, and I'm going to go ahead and submit this. Once I submit this, uh, it is going to calculate the tier for me and assign it to my entity. So if I go back to my entity and go to, uh, my details section here, it, it's going to determine the tier and assign it out to my entity. So in this case the tier one is calculated, and you can see that this is assigned here, and based on the tier that is assigned you can slowly now see the controls, uh, being created based on the tier. So because it's a tier one, there are 318 controls that will be, uh, control objective that will be associated with this entity, and it will generate 318 controls here for you. Um, and then you can perform a CRI assessment, uh, which will show the impact on the 318, um, controls.

What I'm going to do now is go ahead and initiate the CRI assessment. Once I initiate the CRI assessment, the, uh, CRI assessment will be created and you'll be able to perform the CRI assessment. The CRI assessment is available in the, in your task inbox as well, so if I come here I would be able to see the CRI assessment. If I open that up, uh, this is a standard CRI assessment provided by CRI. It has different sections, uh, again mapped to the NIST CSF 2.0 function, so you can see the new Govern function added here, Identify, Protect, Detect, Respond, Recover and Extend. Each one of them will have set of questions that you would need to answer. Currently, uh, you can assign this questionnaire to one respondent, but in future, when the new assessment engine will come up with the cas capability, um, to assign out the questionnaire to multiple, uh, users or group of users, you would be able to assign out, uh, different sections to the users or group of users who
would be able to collaborate and answer the question. This is a long questionnaire, so you'd be able to go through one by one and answer the question. Uh, each question maps to a diagnostic statement, which is a control objective from CRI, so when I answer the question as yes, no or any one of them, it also gives me an ability to provide, uh, a justification as well as attachment to the question. I can also view the guidance around the question. So the guidance is also provided by CRI, which gives you what the response guidance should be and what are the example of effective evidence, so looking at this you can provide your evidence or you can provide your guide, uh, response as well. This, uh, particular guidance is available on each and every question, question, and you'll be able to see how do you want to respond to it and how do you want to provide the, uh, uh, the evidence as well. So once you go through all the questions here and all the sections, at the end of it you'll be able to submit this assessment, and the result of the assessment will be reflected on the control.

Uh, since it's a long questionnaire, I've already gone ahead and submitted it for another entity, so I'm going to give you the example of that. So here is, there I have, I've already completed the assessment, and once I look at this, this is, everything is completed and I've submitted the assessment. Because I've submitted the assessment, the, uh, the compliance status of each and every question will be reflected on the controls that are mapped to the entity, so I can see that each and every control is either compliant, non-compliant or not applicable based on the answers that you've provided. And, uh, you can see the effect of the non-compliance and compliance on the CRI profile when you go to the homepage, and you'll be able to see the CRI profile and the related compliance percentage or compliance score. You can see the 43% of compliance score here, and with, with, uh, with that you can also see the compliance score reflected on FFIEC CAT
as well as the CSF 2.0, because these two regulations and the related citations are mapped in this CRI profile. As, as soon as the controls are, controls are, uh, either marked as compliant, non-compliant, and the score is calculated here, you can see the score reflected on FFIEC CAT as well as CSF 2. So that is how the common control structure works, and you, you can test once and comply with many. So that's how the CRI assessment looks like. Uh, if you have any questions you can post it in the questionnaire.

But, uh, uh, in addition to CRI profile accelerator and the content we provide, we're also providing the content for NIST CSF 2.0, which I already explained before, but this content will also be visible in the NIST CSF, uh, accelerator application. So if I go to the NIST CSF, uh, content here, you'll be able to see then the CSF, uh, menu, and under each of the section here, and the new section is added for Govern, uh, you'd be able to see the related control objectives and policies that are added for 2.0. So you'll be able to see the NIST CSF 2.0 policy as well as the control objectives under it, and we've also added the authority document as well as citation from the CSF 2.0. So the content is available, and as soon as you install on the CSF 2.0 accelerator, uh, you can see the mapping between the, the CSF 2 and profile, the CRI profile, being inst, established. So that's about the CRI profile accelerator content as well as the CSF 2.0 content there. I'm gonna pause.

Yeah, actually we do have one question. Um, so the scoring in the example that you, you gave for the CRI accelerator, um, that would have to be defined, so the scoring would not have to be defined using the legacy questionnaire template functionality?

No. So currently, based on the, so we provide the mapping between the questionnaire and the, each question and the control, so once you answer the, uh, question, the score or the compliance status will be reflected on the control and the score will be calculated automatically. So we don't have to, um, um, configure any scoring logic on the
assessment as such right now, but in future we are also planning to provide this, the risk score part of F where, which is where we are going to provide out of the, out of the box scoring, uh, with respect to risk score as well, which will come in future. But for right now we are providing only the compliance percentage or compliance score that holds up, which is out of the box. And I assume if you had your own scoring logic, you can, yes, you can use that too; we're, we're not making it rigid. Perfect. That's it, that's all the questions for, uh, the accelerator for right now, now.

Awesome. So I'm going move on to last two topics, and since we have only five minutes left I'm going to quickly move on and, uh, cover these topics. So the next one is the workpaper management using SharePoint. We did have support for OneDrive in the previous release, and there are new capabilities that we've added as well. So just to recap, we are providing an ability to, um, manage a workpapers or cloud documents using SharePoint. Um, you can connect to existing SharePoint files, which could be any files, XLS, DOCX, PPT, etc., available on SharePoint. You can also upload the local files to SharePoint. This is a new capability which is allows you to upload the local attachments on your local machine to SharePoint, and when you upload it on the SharePoint we, we upload it automatically in a folder. The folder can be preconfigured as well, using the dynamic variable, so you can, if I'm on an engagement, I can configure a folder like audits, engagement name, engagement type, uh, and this folder will be created automatically on the SharePoint side and the file will be located inside this folder. Uh, this of course enables you to, uh, uh, to, to collaborate on this cloud documents. We provide the, uh, cloud configuration, the permission or access control for these cloud files, so you can define who gets read and write access to these cloud files, based on what conditions, on what state of the record you'd be able to do that. Um, you can also, uh,
set up this particular cloud configuration not only for audit engagement but for any GRC record, so you can set it up for evidence, you can set it for, set it up for issue, policy, authority document record, with a simple cloud configuration, which I'll be able to show you quickly in the instance.

Okay, so I am going to quickly come here. Um, okay, so here is an example, the cloud configuration, uh, that I was talking about, which I've configured for audit, uh, and I can also decide it on the type of the audit, what, what I want to configure. In this case I'm saying, uh, if the audit engagements are of type internal audit, then I want to upload my local files to this configurable folder. So you can pick the fields from the engagement and create this, uh, folder, where I've picked the engagement type, number and the name, and a similar folder will be created on the, your SharePoint site. So this is the, uh, the configuration for the site that you want to pick, and you can, um, create the folder automatically on that site. This is where your access permissions are, so you can provide the read and write access, who gets read and write access on what state of the, uh, uh, record as well. So in this case I'm saying that auditors will get edit access in the validate and fieldwork, uh, and I can also decide when do they get read access, and that would be the rest of the, uh, states, so you can, uh, provide, provide that configuration here. You can also configure this for any other, uh, file is record as well, so I have configured it for evidence. So you can configure it for any record, and the cloud file configurations or cloud files capability will quickly, will start showing up on that particular record.

So I'm going to go to an example that I've taken here, which is an audit engagement. Here you can see the new tab, which is cloud files. As soon as you configure the cloud configuration, this cloud files tab will start appearing on the record that you've configured for. Here I can either link a cloud file on, from SharePoint, uh, which is any
SharePoint, uh, file that you have on the SharePoint site, you can quickly link to it, or you can upload existing local file to SharePoint. So I'm going to go ahead and upload one of the files here. Sorry about that, now sof out. So I'm going to do this. Yeah, so once I upload the local file, that, it will be uploaded to the configurable folder. So quickly I'm going to do the same thing. Once I uploaded, it'll automatically upload it to cloud and the link will be available here for me, so when I open up this link this file will be opened up in cloud, and, uh, this particular file will be available under the configurable, uh, folder. So in this case I'm just going to refresh my SharePoint site to show you how the folder is created. So audits, I, I see different folder on audit, that's the part I provided. This is a new folder just got created based on the name, uh, of the engagement, and the audit engagement memo template is added here. So this is automatically done, which is a new capability, and the SharePoint integration is available for cloud configurations.

Uh, and then I'm going to quickly move on to the policy authoring. Again, policy authoring, we had, uh, support for OneDrive. Um, you could configure, uh, SharePoint site, which was one single sh, SharePoint site before, but now you can connect to multiple SharePoint site, so if you have your policies managed on multiple SharePoint site you can connect, connect to those policy documents and, uh, you can start, uh, managing and performing the redlining of the policy. So I'm going to quickly come here and just show you what it looks like, uh, without going into too many details. So here is how the difference would be: so if you click on connect to existing file, you will be able to provide the SharePoint, uh, site URL and the folder path and then connect to the existing document on SharePoint. So this is a new change on the policy, where you'll be able to perform or connect to the existing, uh, file from the SharePoint location. Everything else remains the same, the entire
flow of redlining and authoring remains the same. This is a change that we've done.

So you, so you'll be able to perform redlining on linked documents also? Um, the link, so redlining on the link document, on the cloud documents?

Yes, you'd be able to perform and collaborate on these cloud documents that I was showing before, um, and collaborate on it on SharePoint, and the access to these documents will depend on the configuration that I was showing you earlier.

And I'm assuming that the permissions, they sync with the SharePoint site permissions automatically?

Yes.

Awesome. I'm going to steal your screen here. Um, those are all the questions that we have right now, though we've got a couple minutes here, so if you've, um, still got a question please feel free to ask it. I wanted to, to pop up ways to connect with us, um, through our risk, risk website on the community. If you look in the chat you'll see a link to, um, be able to register for additional webinars, um, or look at the YouTube playlist. You can also use these QR codes here. Um, and then we do have on a blog with all of our events throughout the year, so please, you know, feel free to grab a hold of these, uh, this link here and check out what's coming up. We have lots and lots of things, um, coming up throughout the year. I want to thank all of our presenters for all the amazing information, for the fantastic demos that they did, and I want to thank all of you that joined us today, and we hope that you enjoy, join us for our next webinars coming up next week. So thank you very much and have a wonderful day.
https://www.youtube.com/watch?v=uoEYp_GdcGE