Defining objectives
Depending on your organization's project or framework configuration, objectives may also be called sections, processes, cycles, functional areas, application systems, risk categories, or another custom term.
Define the areas under examination and the organizing containers for projects or frameworks.
What are objectives?
Objectives are the basis of a project or framework. They are also the organizing containers for the work done in a project or framework. Each objective states the subject matter under examination and how performance will be assessed.
Limitations
You can define a maximum of 500 objectives per project or framework.
Before you start
Before you can define objectives, you must create a project or a framework.
Example
Defining objectives
Scenario
You are responsible for an entire Cybersecurity Review project. You need to define objectives within the project and state how performance will be assessed for each objective.
Process
You navigate to the Fieldwork tab within the project, and begin adding objectives. For each objective, you enter the relevant information.
Result
You define the objectives in the project as follows:
Title | Description | Reference | Assigned User |
---|---|---|---|
Protect | Access to assets and associated facilities is limited to authorized users and devices, and to authorized activities and transactions. | CS_P | Jane Doe |
Detect | The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures. | CS_D | Jane Doe |
Respond | Analysis is conducted to ensure adequate response and support recovery activities. | CS_R | Jane Doe |
Identify | The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy. | CS_I | John Smith |
Recover | Recovery procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events. | CS_R | John Smith |
Permissions
Professional Managers and Professional Users can define objectives.
Define objectives
Note
- Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
- If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
- Do one of the following:
- To define risks and procedures in a project:
From the Launchpad home page (www.highbond.com), select the Projects app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Projects app.
- Open a project, and click the Fieldwork tab.
- To define risks and procedures in a framework:
- Open Frameworks.
- Open a framework, and click the Sections tab.
- To define risks and procedures in a project:
- Click Add Objective.
- Enter the relevant information and click Save.
Objective fields
Rich text fields cannot exceed 524,288 characters.
Tip
To enable spell check on rich text fields, do one of the following:
- Chrome, Firefox, or Safari CTRL + right-click within the field on Windows or Command + right-click on Mac
- Internet Explorer or Microsoft Edge open your browser settings and turn on spell check / highlighting of misspelled words
After entering any data in a field, wait for the confirmation that it is saved successfully before you fill out any other fields. Else, you get an error indicating that your changes conflict with those made concurrently by another user.
Field | Description |
---|---|
Title | A descriptive name for the objective. Note The maximum length is 60 characters. |
Description |
A statement about the objective. This is an optional field. |
Reference |
The numbering prefix to be used for the objective The maximum length is 8 characters. |
Division/Department |
The division or department responsible for the objective This is an optional field. |
Owner |
Allows you to assign a licensed or non-licensed user as an owner of the objective for tracking and reporting purposes. This is an optional field. Typically this is the key person accountable for the process/risk/control (often the manager of the function). Managers responsible for an entire objective that have been assigned the Contributor Tester or Contributor User role are assigned as an owner of an objective. Once a person is assigned as an owner of an objective, they receive an email notification with a link to the objective, granting them write access to controls and read access to risks and the objective overview. |
Executive Owner |
Allows you to assign a licensed or non-licensed user as an executive owner of the objective for tracking and reporting purposes. This is an optional field. Typically this is a sponsor/leader accountable for the process/risk/control (often the VP/C-Suite of the owner). This may be board or executive members that are responsible for an entire objective and have been assigned the Contributor Tester or Contributor User role are assigned as an executive owner of an objective. After a person has been assigned as executive owner, they receive an email notification with a link to the objective, granting them write access to controls and read access to risks and the objective overview. |
Assigned User |
Allows you to assign the objective to a member of the project team, granting them full read and write access to the objective. Typically, this is the key person accountable to perform risk assessment, control testing, and so on. (This can be the staff member reporting to the owner, auditor, or risk manager.) Once the team member is assigned the objective, they receive an email notification with a link to the objective. Email notifications sent from Projects redirect Diligent One users to the Assessments app. Each card within Assessments has a link back to Projects. Users who are not registered on Diligent One receive a public URL. The team member is also able to view the objective under My work status on the dashboard of the project or framework. Note
Only Professional Managers and Professional Users can assign objectives, and only Professional Managers and Professional Users can be selected from the Assigned User dropdown list. |
Planned Start Date optional |
Specifies the date when work on the objective is planned to start. This is an optional field. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Planned End Date |
Specifies the date when work on the objective is planned to end. This is an optional field. Project Admins and Project Type Admins can enable and customize this field under Manage project types. |
Actual Start Date |
Specifies the date when work on the objective actually started. This is an optional field. Project Admins and Project Type Admins can enable and customize this field under Manage project types. |
Actual End Date |
Specifies the date when work on the objective actually ended. This is an optional field. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Planned Milestone Date
|
Specifies the planned date of a milestone associated with the objective. This is an optional field. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Actual Milestone Date |
Specifies the actual date of a milestone associated with the objective. This is an optional field. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Attributes |
Specifies the attributes associated with the objective. This is an optional field. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Entity Coverage
|
Allows you to tag the objective to one or more entities for reporting purposes. This is an optional field. Note
Only Professional Managers and Professional Users can tag an objective with an entity by clicking Show content and selecting each entity to associate with the objective. Changes are automatically saved. |
Add multiple objectives
For information about adding multiple objectives at once, see Bulk importing objectives.