In this article I begin to demonstrate how many hours spent on ROC assessments are consumed performing administrative tasks. These tasks are difficult to keep up with and errors are easily introduced. TurboQSA removes this burden. In part 2, I will show you how the application makes interviewing easier and tracks the interviews in the Report on Compliance.
If your days look anything like mine, then keeping up with tons of meetings for different clients is not on your top 10 favorite things to do. Managing that in the context of a ROC project is nuts. I have a meeting at 8:00 with client A about firewall rules. I have a meeting at 10:00 with an HR representative about tracking security awareness training for client B. Some days, I have 5, 6 or way more to keep up with. So, like most QSAs, I either track all of this in a spreadsheet or go back and look through my calendar. If I am not too rushed for time, I try to update the ROC, specifically section 4.10.
However, while it is mandatory to track them there, it does not provide all the data needed to remember what was captured. For that, you are managing notebooks or some other way to capture the details of the interview. There is a better way.
TurboQSA changes many things about the process of conducting a ROC project, but one of the best changes is getting a clear understanding of what everyone in each of your clients is responsible for. It is super important to know that, but you have to keep up with it, and for numerous customers simultaneously. The early hours of a ROC project in TurboQSA are spent identifying persons who will be involved in the project and assigning “Responsibility Areas” to them. This way, when you go to schedule interviews or request evidence, TurboQSA knows who to go to for the information. Each control also has up to 3 responsibility areas assigned to it. So, when you go to the interview scheduler for that control, the system makes suggestions on who to invite.
Can it get any better? Yes, it can. While you are in the interview setup screen, after you have selected the invitees, you are given the opportunity to see if these invitees are responsible for other controls and you can make the meeting very efficient by adding these topics to the meeting.
All attendees receive an email with a calendar invite for the meeting with sufficient detail (that you can optionally customize) for the meeting.
At a glance you can manage your day:
The projects are color coded and so are the meetings. Perfect.
Going back to the ROC, you can see that by scheduling the interview the ROC was populated with the people selected. Also notice the other requirement below. It was populated as well because we decided to bring in that requirement since we already had the right people in the room for the interview. More time saved!
Starting to see how TurboQSA can transform the process? Reach out today for a demo and to set up your 60-day full-featured trial. Contact us at email@example.com