Recording actions
Record actions to identify follow-up measures for remediating identified issues.
Before you start
Before you can record an action, you must record an issue.
How it works
An action is a specific follow-up measure that is associated with an identified issue.
To define remediation responsibilities, you can add actions, assign action owners, and CC additional contributors on actions. You can also set up reminders for yourself to retest issues or track hours spent on retesting by self-assigning actions.
Once you assign an action owner, or CC contributors on an action, the appropriate people receive an email notification with a link to the action, and are able to update the action.
Email notifications about action updates
Action links expire once the action is closed. If the action is re-opened, you can send a new email notification, which automatically creates a new action link.
When a person updates an action (changes field values) or posts a comment on an action, an email notification is sent to notify others. The tables below illustrate who receives an email notification, which depends on the person that updates or comments on the action.
Updating an action
This Action Creator is the person that is specified in the Assigned by field.
Action updated by | Email notification received by | ||
---|---|---|---|
Action Creator | Action Owner | CC'ed Person | |
Action Creator |
|
||
Action Owner | |||
CC'ed Person |
Commenting on an action
Action commented by | Email notification received by | ||
---|---|---|---|
Action Creator | Action Owner | CC'ed Person | |
Action Creator |
|
||
Action Owner | |||
CC'ed Person |
Example
Recording an action
Scenario
You need to capture an action as a result of identifying that disaster recovery protocols are not coordinated within an organization.
Process
You open your Cybersecurity Review project, click the Issues tab, navigate to the Disaster Recovery Protocols issue, click the Follow-up & Remediation subtab, and click Add next to Actions to capture the action.
Result
You record the action as follows:
Permissions
- Professional Managers and Professional Users can create, update, and delete any actions in a project.
- Oversight Executives, and people without access to Diligent One that have been assigned actions, have respond-only access (can update the Submitted On and Status fields, post comments, and attach files).
- Oversight Reviewers have read-only access to actions.
- Contributor Managers, Contributor Testers, and Contributor Users can only update or delete actions that they own.
Navigate to the issues area
Note
- Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
- If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
Do one of the following:
- Work with issues from a specific project
-
From the Launchpad home page (www.highbond.com), select the Projects app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Projects app.
- Navigate to a project.
- Click the Issues tab.
-
- Work with issues from all projects Open the Issue Tracker app.
Locate an issue in the Issues List
- Do any of the following:
- Enter the title, or partial title, of the issue(s) in the search box.
Issues that do not match your search are filtered out as you type.
- Use any of the filters to restrict the issues that display on the page.
By default, all issues from the project are displayed. Click Clear to remove any of the applied filters.
- Click on any column header to sort the issue list by that column in ascending or descending order.
- Click the project name to view all issues associated with the project.
Note
This option is only available in Issue Tracker.
- Enter the title, or partial title, of the issue(s) in the search box.
- From the Issues tab, click the issue name or from Issue Tracker, click Details beside the appropriate issue.
Result The Issue Details page opens.
Add an action
- Locate an issue in the Issues List.
- Click the Follow-up & Remediation tab.
- Enter the following information and click Save:
Field | Description |
---|---|
Title |
specifies the name of the action The maximum length is 255 characters. |
Owner optional |
specifies the person responsible for the action The search field operates on the first and / or last name of the person. Select Specify a user... and do one of the following:
If duplicate emails exist because the person is both a Diligent One user and contact, the contact email is filtered out of the search results and only the user email displays. Note
Anyone can be assigned as an action owner. If the person does not have access to Diligent One, or has been assigned the Oversight Executive role on the project, they are sent an unauthenticated link to the action via email, allowing them access to respond to the action. |
Send notification now optional |
Select this option to send an immediate email notification to the owner and any CC'ed persons. |
Send weekly reminder optional |
Select this option to send recurring email reminders to the owner and any CC'ed persons. The default configuration is set to sending email reminders 28, 14, 7, 2, and 1 days prior to due date, but you can configure a custom frequency, if required. For more information about recurring reminders, see Sending recurring action reminders. |
Include issue title/ headline and description optional |
Select this option to provide additional issue details to the action owner. Once the action owner clicks on the link to the action in the email, they can see the fields on the action page. Tip This provides the ability to share contextual information with those assigned an action, while maintaining control over confidential project information. |
Include remediation plan and deadline optional |
Select this option to provide additional remediation details to the action owner. Once the action owner clicks on the link to the action in the email, they can see the fields on the action page. Tip This provides the ability to share contextual information with those assigned an action, while maintaining control over confidential project information. For example, to use for those without access to the system. |
Description optional |
specifies the details of the required action Note
Rich text fields cannot exceed 524,288 characters. Tip To enable spell check on rich text fields, do one of the following:
|
CC optional |
specifies one or more people that can contribute to the action Only Professional Managers, Professional Users, or users assigned a Contributor role can update this field. Note
Anyone can be CC'ed on an action. If the person does not have access to Diligent One, or has been assigned the Oversight Executive role on the project, they are sent an unauthenticated link to the action via email, allowing them access to respond to the action. Tip
You can press enter, spacebar, comma, tab, or semi-colon to add an email to the CC list. |
Due date | specifies the date the action must be completed by |
Priority optional |
specifies the priority of the action For example, the action could be specified as "High", "Medium", or "Low." Project Admins and Project Type Admins can customize the options for this field under Manage project types. |
Add multiple actions
For information about adding multiple actions at once, see Bulk importing actions.
View or update an action
If you have been assigned an action, you can view or update it.
Note
You can't update the Information and Email notification tabs after Follow-up & Remediation is signed off at any level. However, you can update the Action Follow-up and Complete Action tabs after Follow-up & Remediation is signed off at any level.
- Locate an issue in the Issues List.
- Click the Follow-up & Remediation tab.
View or update action information
Note
You can't update the Information tab after Follow-up & Remediation is signed off at any level.
- Locate an issue in the Issues List.
- Click the Follow-up & Remediation tab.
Field | Description |
---|---|
Title |
specifies the name of the action The maximum length is 255 characters. |
Assigned by |
specifies the creator of the action This field is only available if you are updating an existing action. Only Professional Managers, Professional Users, or users assigned a Contributor role that have created the action, can update this field. |
Owner optional |
specifies the person responsible for the action The search field operates on the first and / or last name of the person. Select Specify a user... and do one of the following:
If duplicate emails exist because the person is both a Diligent One user and contact, the contact email is filtered out of the search results and only the user email displays. Note
Anyone can be assigned as an action owner. If the person does not have access to Diligent One, or has been assigned the Oversight Executive role on the project, they are sent an unauthenticated link to the action via email, allowing them access to respond to the action. |
Description optional |
specifies the details of the required action Note
Rich text fields cannot exceed 524,288 characters. Tip To enable spell check on rich text fields, do one of the following:
|
Due date | specifies the date the action must be completed by |
Priority optional |
specifies the priority of the action For example, the action could be specified as "High", "Medium", or "Low." Project Admins and Project Type Admins can customize the options for this field under Manage project types. |
View or update email notifications
Note
You can't update the email notificationtab after Follow-up & Remediation is signed off at any level.
- Locate an issue in the Issues List.
- Click the Follow-up & Remediation tab.
Field | Description |
---|---|
Send notification now optional |
Select this option to send an immediate email notification to the owner and any CC'ed persons. |
Send reminder 28, 14, 7, 2, and 1 days prior to due date optional |
Select this option to send recurring email reminders to the owner and any CC'ed persons. The default configuration is set to sending email reminders 28, 14, 7, 2, and 1 days prior to due date, but you can configure a custom frequency, if required. For more information about recurring reminders, see Sending recurring action reminders. |
Include issue title/ headline and description optional |
Select this option to provide additional issue details to the action owner. Once the action owner clicks on the link to the action in the email, they can see the fields on the action page. Tip This provides the ability to share contextual information with those assigned an action, while maintaining control over confidential project information. |
Include remediation plan and deadline optional |
Select this option to provide additional remediation details to the action owner. Once the action owner clicks on the link to the action in the email, they can see the fields on the action page. Tip This provides the ability to share contextual information with those assigned an action, while maintaining control over confidential project information. |
CC optional |
specifies one or more people that can contribute to the action Only Professional Managers, Professional Users, or users assigned a Contributor role can update this field. Note
Anyone can be CC'ed on an action. If the person does not have access to Diligent One, or has been assigned the Oversight Executive role on the project, they are sent an unauthenticated link to the action via email, allowing them access to respond to the action. Tip
You can press enter, spacebar, comma, tab, or semi-colon to add an email to the CC list. |
Follow up on an action
Note
You can update items in the Action Follow-Up tab after Follow-up & Remediation is signed off at any level.
- Locate an issue in the Issues List.
- Click the Follow-up & Remediation tab.
Field | Description |
---|---|
Submitted On |
specifies the date when the action was completed or addressed |
Status |
specifies the current status of the action For example, the status can be "Opened", "Awaiting Management Response", "Management Remediating", "Remediated - Awaiting Verification", "Audit Verifying", "Re-Opened", or "Completed". Project Admins and Project Type Admins can customize the options for this field under Manage project types. Note Project Admins can configure permission settings so that anyone with access to actions can update the Status field. They can also limit who can update the Status field to only licensed Diligent One users with access to actions. For more information, see Projects app settings. |
New Comment |
Add a comment and / or upload a file. For more information about attachments, see Working with attachments. Note For security reasons, Diligent One does not accept file attachments with the following extensions: .bat, .com, .dmg, .exe, or .scr. |
Complete an action
Note
You can update items in the Complete Action tab after Follow-up & Remediation is signed off at any level.
- Locate an issue in the Issues List.
- Click the Follow-up & Remediation tab.
Field | Description |
---|---|
Completed on |
specifies the date that the action was completed or addressed This field is typically filled out by the issue owner. This field is only available if you are updating an existing action. |
State |
This field is only available if you are updating an existing action.
|
Delete an action
Deleting an action permanently removes it from the project. Once deleted, you cannot access or restore the action.
- Navigate to the project that contains the action you want to remove.
- Click the Issues tab.
- Click the Follow-up & Remediation subtab.
- Click View/Discuss next to the action you want to remove.
- Click Delete Action at the bottom of the Information tab.
- Click OK in the confirmation dialog box.
Result The action is permanently deleted.