Defining objectives
Depending on your organization's project or framework configuration, objectives may also be called sections, processes, cycles, functional areas, application systems, risk categories, or another custom term.
Define the areas under examination and the organizing containers for projects or frameworks.
What are objectives?
Objectives are the basis of a project or framework. They are also the organizing containers for the work done in a project or framework. Each objective states the subject matter under examination and how performance will be assessed.
Limitations
You can define a maximum of 500 objectives per project or framework.
Before you start
Before you can define objectives, you must create a project or a framework.
Example
Defining objectives
Scenario
You are responsible for an entire Cybersecurity Review project. You need to define objectives within the project and state how performance will be assessed for each objective.
Process
You navigate to the Fieldwork tab within the project, and begin adding objectives. For each objective, you enter the relevant information.
Result
You define the objectives in the project as follows:
Title | Description | Reference | Assigned User |
---|---|---|---|
Protect | Access to assets and associated facilities is limited to authorized users and devices, and to authorized activities and transactions. | CS_P | Jane Doe |
Detect | The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures. | CS_D | Jane Doe |
Respond | Analysis is conducted to ensure adequate response and support recovery activities. | CS_R | Jane Doe |
Identify | The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy. | CS_I | John Smith |
Recover | Recovery procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events. | CS_R | John Smith |
Permissions
Professional Managers and Professional Users can define objectives.
Define objectives
Notes
- Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
- If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
- Do one of the following:
  - To define risks and procedures in a project:
    - Open a project, and click the Fieldwork tab.
  - To define risks and procedures in a framework:
    - Open Frameworks.
    - Open a framework, and click the Sections tab.
- Click Add Objective.
- Enter the relevant information and click Save.
Objective fields
Rich text fields cannot exceed 524,288 characters.
Tip
To enable spell check on rich text fields, do one of the following:
- Chrome, Firefox, or Safari: CTRL + right-click within the field on Windows, or Command + right-click on Mac.
- Internet Explorer or Microsoft Edge: open your browser settings and turn on spell check / highlighting of misspelled words.
Field | Description |
---|---|
Title | A descriptive name for the objective. Note: The maximum length is 60 characters. |
Description (optional) | A statement about the objective. |
Reference | The numbering prefix to be used for the objective. The maximum length is 8 characters. |
Division/Department (optional) | The division or department responsible for the objective. |
Owner (optional) | Allows you to assign a licensed or non-licensed user as an owner of the objective for tracking and reporting purposes. Typically this is the key person accountable for the process/risk/control (often the manager of the function). Managers who are responsible for an entire objective and have been assigned the Contributor Tester or Contributor User role are assigned as an owner of an objective. Once a person is assigned as an owner of an objective, they receive an email notification with a link to the objective, granting them write access to controls and read access to risks and the objective overview. |
Executive Owner (optional) | Allows you to assign a licensed or non-licensed user as an executive owner of the objective for tracking and reporting purposes. Typically this is a sponsor/leader accountable for the process/risk/control (often the VP/C-Suite of the owner). Board or executive members who are responsible for an entire objective and have been assigned the Contributor Tester or Contributor User role may be assigned as an executive owner of an objective. Once a person has been assigned as executive owner, they receive an email notification with a link to the objective, granting them write access to controls and read access to risks and the objective overview. |
Assigned User | Allows you to assign the objective to a member of the project team, granting them full read and write access to the objective. Typically, this is the key person accountable to perform risk assessment, control testing, and so on. (This can be the staff member reporting to the owner, auditor, or risk manager.) Once the team member is assigned the objective, they receive an email notification with a link to the objective. Email notifications sent from Projects redirect Diligent One users to the Assessments app. Each card within Assessments has a link back to Projects. Users who are not registered on Diligent One receive a public URL. The team member is also able to view the objective under My work status on the dashboard of the project or framework. Note: Only Professional Managers and Professional Users can assign objectives, and only Professional Managers and Professional Users can be selected from the Assigned User dropdown list. |
Planned Start Date (optional) | Specifies the date when work on the objective is planned to start. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Planned End Date (optional) | Specifies the date when work on the objective is planned to end. Project Admins and Project Type Admins can enable and customize this field under Manage project types. |
Actual Start Date (optional) | Specifies the date when work on the objective actually started. Project Admins and Project Type Admins can enable and customize this field under Manage project types. |
Actual End Date (optional) | Specifies the date when work on the objective actually ended. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Planned Milestone Date (optional) | Specifies the planned date of a milestone associated with the objective. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Actual Milestone Date (optional) | Specifies the actual date of a milestone associated with the objective. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Attributes (optional) | Specifies the attributes associated with the objective. Project Admins and Project Type Admins can enable and customize this field under Managing project types (see Projects app settings). |
Entity Coverage (optional) | Allows you to tag the objective to one or more entities for reporting purposes. Note: Only Professional Managers and Professional Users can tag an objective with an entity by clicking Show content and selecting each entity to associate with the objective. Changes are automatically saved. |
Add multiple objectives
For information about adding multiple objectives at once, see Bulk importing objectives.