This article assumes you have already filled out your Company Settings and created User Accounts including selecting your GRC Lead. If not, please go to the tutorial "How to Configure Company Settings and User Set Up" before following these next instructions.
In our example, our GRC Lead is Andrew. When Andrew logs in, it will take him to his Personal Page. From here he will click on the Personal navigation button on the left hand menu bar and it will bring up this screen, where he will switch to his GRC Lead role.
He will then see at the top of his screen the GRC Configuration button which he will select.
The following screen shows that there currently is no audit in progress. After you select the "Start Audit" button you have two options.
Option 1: If you are working with a SOC 2 Readiness Expert or an Auditor that wants to help you set up your SOC 2 Audit, you can select the "Pre Audit Readiness" option on the left pulldown. Then move to the right and select both the start and end dates using the calendar pulldowns.
Option 2: If you are ready to start the actual audit period, choose the following options:
Left side: choose your audit period via the dropdown: 3 months, 6 months, 9 months or 1 year. Middle box: use the calendar module to select the start date for your audit. The right hand box with the end date will then auto-populate based upon your audit period timeframe.
Select the SOC 2 Categories for this audit period. Security and Availability are the minimum required to satisfy a SOC 2 Audit Report.
1) If you want to include Employee Evaluations for this audit, check the top box to the right.
2) If you want to enable Performance Plans, check the middle box to the right.*
3) If you want to enable the 1 to 1 Sync Meeting, between the manager and their direct report, select the last checkbox on the right.*
*Please note that Enabling Evaluations is required if you select either of the other two.
4) If you want to Enable Department Meetings, check this option off as well.
5) Lastly choose your Employee Evaluation and Department Meeting Frequency, via the pulldowns offered.
6) and 7) If you have a Compliance Partner that you are working with, look for them in the pulldown and if not there already, type in their name. Same idea with adding an Automation Platform if you are using one, select from the list or create the entry.
And then hit "Save". This is how the completed page would look:
Once you hit "Save" the GRC Compliance Dashboard for the entire organization will be displayed. It shows 4 sections: Completed Items, Upcoming Ones, Past Due Items (which include missed meetings) and anything Not Yet Assigned a Host or Scheduled (ones that the host of the meeting has yet to schedule).
Next steps for the GRC Configuration Set Up are Managing Templates and Managing Checklists which are two separate tutorials.