Testing Controls

Testing controls can be performed in two ways: Automated and Manual. Once you have set up your integrations, you can leverage automated tests. Automated tests run automatically at the set evaluation frequency for each control. For self-assessment, you need to run the test and collect the required evidence manually.

Automation Indicators

A majority of automation activities take place as part of the onboarding and setup processes. Also, we are frequently adding new integrations, allowing your list of automated controls to grow. In order to easily find these controls, an orange robot icon next to a connected control indicates that potential automation is now available.

1. Clicking on the control will open up the details and integrations that are now automated.

2. Clicking each button will direct you to the integration setup page.

Automated Tests

After setting up the integrations, you can leverage automated tests. Automated tests run automatically at the set evaluation frequency for each control. Once an automated test is run, the evidence for that control is fetched automatically. If an automated test fails, you can click on the view activity icon to see the failed resources and how to remediate the test.

The following video will guide you through running automated tests in TrustOps.

Video: Running Automated Tests on TrustOps

A Step by step guide to run automated tests

1. Click on the ‘Run Test’ icon (play button) under the action items to run tests one by one.

2. To bulk select all tests to run at once, check the box at the top of the “Automated Tests” page and click on “Run Tests”.

3. For the failed tests, select the ‘View Activity’ icon to see why they did not pass. There are recommendations on this page to help you pass the test.

Alternative way to run automated tests

1. In TrustOps, click on “Programs” and click on “Systems” on the panel on the left side of the screen.

a. Some of the systems have a green dot in the corner. That means this system has automated tests ready to run.

2. To bulk select all tests to run at once, check the box at the top of the “Automated Tests” page and click on “Run Tests”.

3. For the failed tests, select the ‘View Activity’ icon to see why they did not pass. There are recommendations on this page to help you pass the test.

Self Assessments

Not all tests can be automated due to the fact that some require human judgment or are not yet automated. For self-assessments, you will need to run the test and collect the required evidence manually.

The following video will guide you on how to take a self-assessment.

Video: Running Self Assessments on TrustOps

A step-by-step guide to completing a self-assessment

1. Scroll down the page to see your program summary. Locate the Control Status box. Select the “Not Run” controls tab.
   1. It is possible that some controls that have not been run yet are automated, but most of the time the controls that have not been run are self-assessments.
2. Select the control that has not run. Under Actions, you can select the play button to take the assessment. Answer the questions.
3. Click on “Finish”.
   1. Click on the “View Activity” button under the “Actions” field. The “What You Need To Do” section helps you get a better understanding of what needs to be done to pass the self-assessment.

Adding Evidence

If you have certain controls in place, the only way to prove them is by providing documentation. Your auditor will go through the evidence to make sure that you are actually doing what you say you are doing.

The following video will guide you on how to add evidence to a test.

Video: Adding Evidence on TrustOps

A step-by-step guide to adding evidence

1. Select the control you want to add evidence to.

2. The tests are listed under the ‘Self-Assessment’ section of the page.

a. If a test has not been run yet, you need to run the test by selecting the ‘Take Assessment’ action icon (play button) on the right side of the screen. Answer yes or no, and add any relevant comments.

3. Click on “Finish”.

4. Click on the “View Activity” button or on the three ellipsis icons. From the drop-down menu, select “Add Evidence”.

5. While uploading evidence, you have the following options:

a. Link: Add a link to a file or a folder.

b. Upload: Upload an individual file or a ZIP file.

c. Attach from Inventory: Select records from your connected systems to use as evidence.

History of Tests

You can view the who, what, and when of your test history and reports for automated self-assessments with just one click.

To view History of tests,

1. Navigate to the controls page in your program.

2. Click on the “View Activity” button.

3. Alternatively, you can also find the three ellipsis icons and, from the drop-down menu, click on “View Test History”.

For automated tests, this activity includes the latest test report along with a history of reports, who ran them, when they were run, and the result. The history page allows you to filter by dates in case your auditor or control owner is looking for a specific entry.

For self-assessments, this activity includes a detailed list of what evidence was uploaded, when, and by whom. You can access historical evidence and filter by dates in case your auditor or control owner is looking for a specific entry.