Recording actions

Record actions to identify follow-up measures for remediating identified issues.

Before you start

Before you can record an action, you must record an issue.

How it works

An action is a specific follow-up measure that is associated with an identified issue.

To define remediation responsibilities, you can add actions, assign action owners, and CC additional contributors on actions. You can also set up reminders for yourself to retest issues or track hours spent on retesting by self-assigning actions.

Once you assign an action owner, or CC contributors on an action, the appropriate people receive an email notification with a link to the action, and are able to update the action.

Email notifications about action updates

Note

Action links expire once the action is closed. If the action is re-opened, you can send a new email notification, which automatically creates a new action link.

When a person updates an action (changes field values) or posts a comment on an action, an email notification is sent to notify others. The tables below illustrate who receives an email notification, which depends on the person that updates or comments on the action.

Updating an action

Note

This Action Creator is the person that is specified in the Assigned by field.

Action updated by Email notification received by
Action Creator Action Owner CC'ed Person
Action Creator

Action Owner
CC'ed Person

Commenting on an action

Action commented by Email notification received by
Action Creator Action Owner CC'ed Person
Action Creator

Action Owner
CC'ed Person

Example

Recording an action

Scenario

You need to capture an action as a result of identifying that disaster recovery protocols are not coordinated within an organization.

Process

You open your Cybersecurity Review project, click the Issues tab, navigate to the Disaster Recovery Protocols issue, click the Follow-up & Remediation subtab, and click Add next to Actions to capture the action.

Result

You record the action as follows:

Permissions

  • Professional Managers and Professional Users can create, update, and delete any actions in a project.
  • Oversight Executives, and people without access to Diligent One that have been assigned actions, have respond-only access (can update the Submitted On and Status fields, post comments, and attach files).
  • Oversight Reviewers have read-only access to actions.
  • Contributor Managers, Contributor Testers, and Contributor Users can only update or delete actions that they own.

Navigate to the issues area

Notes

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.

Do one of the following:

Locate an issue in the Issues List

  1. Do any of the following:
    • Enter the title, or partial title, of the issue(s) in the search box.

      Issues that do not match your search are filtered out as you type.

    • Use any of the filters to restrict the issues that display on the page.

      By default, all issues from the project are displayed. Click Clear to remove any of the applied filters.

    • Click on any column header to sort the issue list by that column in ascending or descending order.
    • Click the project name to view all issues associated with the project.
      Note

      This option is only available in Issue Tracker.

  2. From the Issues tab, click the issue name or from Issue Tracker, click Details beside the appropriate issue.

    Result The Issue Details page opens.

Add an action

  1. Locate an issue in the Issues List.
  2. Click the Follow-up & Remediation tab.
  3. Click Add next to Actions.

    Result The New Action dialog opens.

  1. Enter the following information and click Save:
Field Description
Title

specifies the name of the action

The maximum length is 255 characters.

Owner

optional

specifies the person responsible for the action

The search field operates on the first and / or last name of the person.

Select Specify a user... and do one of the following:

  • Specify a user Select a person under the Users list if the person is a licensed user within the Diligent One instance.
  • Specify a contact If your organization uses the Results app, and has configured a Reference Collection, select a person under the Contacts list to specify one of your organization's contacts as the action owner.
  • Manually type in the name of the person and press Enter Use this option if the person is not a user or contact in a Diligent One instance. In addition to the person's name, you can manually type in their email in the Email address field.

If duplicate emails exist because the person is both a Diligent One user and contact, the contact email is filtered out of the search results and only the user email displays.

Note

Anyone can be assigned as an action owner. If the person does not have access to Diligent One, or has been assigned the Oversight Executive role on the project, they are sent an unauthenticated link to the action via email, allowing them access to respond to the action.

Send notification now

optional

Select this option to send an immediate email notification to the owner and any CC'ed persons.

Send weekly reminder

optional

Select this option to send recurring email reminders to the owner and any CC'ed persons. The default configuration is set to sending email reminders 28, 14, 7, 2, and 1 days prior to due date, but you can configure a custom frequency, if required.

For more information about recurring reminders, see Sending recurring action reminders.

Include issue title/ headline and description

optional

Select this option to provide additional issue details to the action owner. Once the action owner clicks on the link to the action in the email, they can see the fields on the action page.

Tip

This provides the ability to share contextual information with those assigned an action, while maintaining control over confidential project information.

Include remediation plan and deadline

optional

Select this option to provide additional remediation details to the action owner. Once the action owner clicks on the link to the action in the email, they can see the fields on the action page.

Tip

This provides the ability to share contextual information with those assigned an action, while maintaining control over confidential project information. For example, to use for those without access to the system.

Description

optional

specifies the details of the required action

Note

Rich text fields cannot exceed 524,288 characters.

Tip

To enable spell check on rich text fields, do one of the following:

  • Chrome, Firefox, or Safari CTRL + right-click within the field on Windows or Command + right-click on Mac
  • Internet Explorer or Microsoft Edge open your browser settings and turn on spell check / highlighting of misspelled words

CC

optional

specifies one or more people that can contribute to the action

Only Professional Managers, Professional Users, or users assigned a Contributor role can update this field.

Note

Anyone can be CC'ed on an action. If the person does not have access to Diligent One, or has been assigned the Oversight Executive role on the project, they are sent an unauthenticated link to the action via email, allowing them access to respond to the action.

Tip

You can press enter, spacebar, comma, tab, or semi-colon to add an email to the CC list.
Due date specifies the date the action must be completed by

Priority

optional

specifies the priority of the action

For example, the action could be specified as "High", "Medium", or "Low." Project Admins and Project Type Admins can customize the options for this field under Manage project types.

Add multiple actions

For information about adding multiple actions at once, see Bulk importing actions.

View or update an action

If you have been assigned an action, you can view or update it.

Note

You can't update the Information and Email notification tabs after Follow-up & Remediation is signed off at any level. However, you can update the Action Follow-up and Complete Action tabs after Follow-up & Remediation is signed off at any level.

  1. Locate an issue in the Issues List.
  2. Click the Follow-up & Remediation tab.
  3. Click View/Discuss next to the action you want to view or update.

    Result The action dialog containing the following tabs opens:

    • Information

    • Email notification

    • Action Follow-Up

    • Complete Action

View or update action information

Note

You can't update the Information tab after Follow-up & Remediation is signed off at any level.

  1. Locate an issue in the Issues List.
  2. Click the Follow-up & Remediation tab.
  3. Click View/Discuss next to the action you want to view or update.
  4. Update the Information tab with the following and click Save:
Field Description
Title

specifies the name of the action

The maximum length is 255 characters.
Assigned by

specifies the creator of the action

This field is only available if you are updating an existing action. Only Professional Managers, Professional Users, or users assigned a Contributor role that have created the action, can update this field.

Owner

optional

specifies the person responsible for the action

The search field operates on the first and / or last name of the person.

Select Specify a user... and do one of the following:

  • Specify a user Select a person under the Users list if the person is a licensed user within the Diligent One instance.
  • Specify a contact If your organization uses the Results app, and has configured a Reference Collection, select a person under the Contacts list to specify one of your organization's contacts as the action owner.
  • Manually type in the name of the person and press Enter Use this option if the person is not a user or contact in a Diligent One instance. In addition to the person's name, you can manually type in their email in the Email address field.

If duplicate emails exist because the person is both a Diligent One user and contact, the contact email is filtered out of the search results and only the user email displays.

Note

Anyone can be assigned as an action owner. If the person does not have access to Diligent One, or has been assigned the Oversight Executive role on the project, they are sent an unauthenticated link to the action via email, allowing them access to respond to the action.

Description

optional

specifies the details of the required action

Note

Rich text fields cannot exceed 524,288 characters.

Tip

To enable spell check on rich text fields, do one of the following:

  • Chrome, Firefox, or Safari CTRL + right-click within the field on Windows or Command + right-click on Mac
  • Internet Explorer or Microsoft Edge open your browser settings and turn on spell check / highlighting of misspelled words
Due date specifies the date the action must be completed by

Priority

optional

specifies the priority of the action

For example, the action could be specified as "High", "Medium", or "Low." Project Admins and Project Type Admins can customize the options for this field under Manage project types.

View or update email notifications

Note

You can't update the email notificationtab after Follow-up & Remediation is signed off at any level.

  1. Locate an issue in the Issues List.
  2. Click the Follow-up & Remediation tab.
  3. Click View/Discuss next to the action you want to view or update.
  4. Click the Email notification tab.
  5. Update the following information and click Save:
Field Description

Send notification now

optional

Select this option to send an immediate email notification to the owner and any CC'ed persons.

Send reminder 28, 14, 7, 2, and 1 days prior to due date

optional

Select this option to send recurring email reminders to the owner and any CC'ed persons. The default configuration is set to sending email reminders 28, 14, 7, 2, and 1 days prior to due date, but you can configure a custom frequency, if required.

For more information about recurring reminders, see Sending recurring action reminders.

Include issue title/ headline and description

optional

Select this option to provide additional issue details to the action owner. Once the action owner clicks on the link to the action in the email, they can see the fields on the action page.

Tip

This provides the ability to share contextual information with those assigned an action, while maintaining control over confidential project information.

Include remediation plan and deadline

optional

Select this option to provide additional remediation details to the action owner. Once the action owner clicks on the link to the action in the email, they can see the fields on the action page.

Tip

This provides the ability to share contextual information with those assigned an action, while maintaining control over confidential project information.

CC

optional

specifies one or more people that can contribute to the action

Only Professional Managers, Professional Users, or users assigned a Contributor role can update this field.

Note

Anyone can be CC'ed on an action. If the person does not have access to Diligent One, or has been assigned the Oversight Executive role on the project, they are sent an unauthenticated link to the action via email, allowing them access to respond to the action.

Tip

You can press enter, spacebar, comma, tab, or semi-colon to add an email to the CC list.

Follow up on an action

Note

You can update items in the Action Follow-Up tab after Follow-up & Remediation is signed off at any level.

  1. Locate an issue in the Issues List.
  2. Click the Follow-up & Remediation tab.
  3. Click View/Discuss next to the action you want to update.
  4. Click the Action Follow-Up tab.
  5. Update the following information and click Save:
Field Description

Submitted On

specifies the date when the action was completed or addressed

Status

specifies the current status of the action

For example, the status can be "Opened", "Awaiting Management Response", "Management Remediating", "Remediated - Awaiting Verification", "Audit Verifying", "Re-Opened", or "Completed". Project Admins and Project Type Admins can customize the options for this field under Manage project types.

Note

Project Admins can configure permission settings so that anyone with access to actions can update the Status field. They can also limit who can update the Status field to only licensed Diligent One users with access to actions. For more information, see Projects app settings.
New Comment

Add a comment and / or upload a file.

For more information about attachments, see Working with attachments.

Note

For security reasons, Diligent One does not accept file attachments with the following extensions: .bat, .com, .dmg, .exe, or .scr.

Complete an action

Note

You can update items in the Complete Action tab after Follow-up & Remediation is signed off at any level.

  1. Locate an issue in the Issues List.
  2. Click the Follow-up & Remediation tab.
  3. Click View/Discuss next to the action you want to update.
  4. Click the Complete Action tab.
  5. Update the following information and click Save:
Field Description
Completed on

specifies the date that the action was completed or addressed

This field is typically filled out by the issue owner. This field is only available if you are updating an existing action.

State

This field is only available if you are updating an existing action.

  • Open The action is in an active state, and email notifications about the action are sent to the specified people.

  • Closed The owner of the action, and any CC'ed persons on the action, stop receiving email notifications about the action. The link to the action in the email notification expires.

    Note

    If the action is re-opened, you can send a new email notification to the appropriate people, which automatically creates a new link to the action.

    Tip

    Issue owners can maintain control to close the action using the Action state field.

Delete an action

Caution

Deleting an action permanently removes it from the project. Once deleted, you cannot access or restore the action.

  1. Navigate to the project that contains the action you want to remove.
  2. Click the Issues tab.
  3. Click the Follow-up & Remediation subtab.
  4. Click View/Discuss next to the action you want to remove.
  5. Click Delete Action at the bottom of the Information tab.
  6. Click OK in the confirmation dialog box.

    Result The action is permanently deleted.