Defining objectives

Note

Depending on your organization's project or framework configuration, objectives may also be called sections, processes, cycles, functional areas, application systems, risk categories, or another custom term.

Define the areas under examination and the organizing containers for projects or frameworks.

What are objectives

Objectives are the basis of a project or framework. They are also the organizing containers for the work done in a project or framework. Each objective states the subject matter under examination and how performance will be assessed.

Limitations

You can define a maximum of 500 objectives per project or framework.

Before you start

Before you can define objectives, you must create a project or a framework.

Example

Defining objectives

Scenario

You are responsible for an entire Cybersecurity Review project. You need to define objectives within the project and state how performance will be assessed for each objective.

Process

You navigate to the Fieldwork tab within the project, and begin adding objectives. For each objective, you enter the relevant information.

Result

You define the objectives in the project as follows:

| Title | Description | Reference | Assigned User |
| --- | --- | --- | --- |
| Protect | Access to assets and associated facilities is limited to authorized users and devices, and to authorized activities and transactions. | CS_P | Jane Doe |
| Detect | The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures. | CS_D | Jane Doe |
| Respond | Analysis is conducted to ensure adequate response and support recovery activities. | CS_R | Jane Doe |
| Identify | The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy. | CS_I | John Smith |
| Recover | Recovery procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events. | CS_R | John Smith |

Permissions

Professional Managers and Professional Users can define objectives.

Define objectives

Notes

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.

  1. Do one of the following:
    • To define risks and procedures in a project:
      1. Open the Projects app.
      2. Open a project, and click the Fieldwork tab.
    • To define risks and procedures in a framework:
      1. Open Frameworks.
      2. Open a framework, and click the Sections tab.
  2. Click Add Objective.
  3. Enter the relevant information and click Save.

Objective fields

Note

Rich text fields cannot exceed 524,288 characters.

Tip

To enable spell check on rich text fields, do one of the following:

  • Chrome, Firefox, or Safari: CTRL + right-click within the field on Windows, or Command + right-click on Mac
  • Internet Explorer or Microsoft Edge: open your browser settings and turn on spell check / highlighting of misspelled words

Title

a descriptive name for the objective

Note

The maximum length is 60 characters.

Description

optional

a statement about the objective

Reference

the numbering prefix to be used for the objective

The maximum length is 8 characters.

Division/Department

optional

the division or department responsible for the objective

Owner

optional

allows you to assign a licensed or non-licensed user as an owner of the objective for tracking and reporting purposes

Typically this is the key person accountable for the process/risk/control (often the manager of the function).

Managers who are responsible for an entire objective and who have been assigned the Contributor Tester or Contributor User role are assigned as an owner of an objective. Once a person is assigned as an owner of an objective, they receive an email notification with a link to the objective, granting them write access to controls and read access to risks and the objective overview.

Executive Owner

optional

allows you to assign a licensed or non-licensed user as an executive owner of the objective for tracking and reporting purposes

Typically this is a sponsor/leader accountable for the process/risk/control (often the VP/C-Suite of the owner).

Board or executive members who are responsible for an entire objective and who have been assigned the Contributor Tester or Contributor User role are assigned as an executive owner of an objective.

Once a person has been assigned as executive owner, they receive an email notification with a link to the objective, granting them write access to controls and read access to risks and the objective overview.

Assigned User

allows you to assign the objective to a member of the project team, granting them full read and write access to the objective

Typically, this is the key person accountable to perform risk assessment, control testing, and so on. (This can be the staff member reporting to the owner, auditor, or risk manager.)

Once the team member is assigned the objective, they receive an email notification with a link to the objective. Email notifications sent from Projects redirect Diligent One users to the Assessments app. Each card within Assessments has a link back to Projects. Users who are not registered on Diligent One receive a public URL.

The team member is also able to view the objective under My work status on the dashboard of the project or framework.

Note

Only Professional Managers and Professional Users can assign objectives, and only Professional Managers and Professional Users can be selected from the Assigned User dropdown list.

Planned Start Date

optional

specifies the date when work on the objective is planned to start

Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings).

Planned End Date

optional

specifies the date when work on the objective is planned to end

Project Admins and Project Type Admins can enable and customize this field under Manage project types.

Actual Start Date

optional

specifies the date when work on the objective actually started

Project Admins and Project Type Admins can enable and customize this field under Manage project types.

Actual End Date

optional

specifies the date when work on the objective actually ended

Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings).

Planned Milestone Date

optional

specifies the planned date of a milestone associated with the objective

Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings).

Actual Milestone Date

optional

specifies the actual date of a milestone associated with the objective

Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings).

Attributes

optional

specifies the attributes associated with the objective

Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings).

Entity Coverage

optional

allows you to tag the objective to one or more entities for reporting purposes

Note

Only Professional Managers and Professional Users can tag an objective with an entity by clicking Show content and selecting each entity to associate with the objective. Changes are automatically saved.

Add multiple objectives

For information about adding multiple objectives at once, see Bulk importing objectives.