Skip to main content

Framework Readiness

Understand how framework readiness is calculated and what you can do to keep your frameworks on track

Updated yesterday

Framework readiness shows the current status of each in-scope framework in your environment. It reflects whether the requirements or controls that make up a framework meet the conditions for being "ready."

Use the readiness status to:

  • Track progress toward compliance.

  • Identify gaps in evidence or approvals.

  • Focus your efforts on what's needed to reach audit readiness.

Readiness is dependent on the other:

  • A framework is ready when its requirements or controls are ready.

  • A requirement is ready when all its mapped controls are ready.

  • A control is ready when all conditions for readiness are met.

View Framework Readiness

You can measure readiness by Controls or Requirements.

  • Controls (default): Readiness is based on the number of in-scope controls that are ready.

  • Requirements: Readiness is based on the number of in-scope requirements that are ready.

Use the toggle at the top of the Frameworks page to switch between these two options. When you change the toggle, the following pages are updated to reflect your selection:

  • The Frameworks page

  • Individual framework detail pages

  • The Readiness overview section on the Dashboard page.

Your selection applies only to your account. It does not affect other user's views.

When is a Requirement Ready

A requirement is considered ready when all of its mapped controls are ready.

Scenario

Requirement status

Requirement is mapped to multiple controls and one of the controls is not ready.

Not ready

Mapped to zero controls

Not ready

Mapped to multiple controls that are all ready

Ready

You can filter requirements by their readiness status on a framework page—'Ready' or 'Not Ready'—to gauge what needs your attention. The filter on the left will always apply to Requirement readiness.

When a Control Is Ready

A control is considered ready when it meets all of the following criteria.

Scenario

Control status

Control is mapped to multiple evidence and one of the evidence is not ready.

Not ready

Control is not mapped to any evidence.

Not ready

Control requires approval, and it hasn’t been approved.

Not ready

Control is mapped to multiple evidence items, and all are valid and approved (if required).

Ready

Evidence is considered valid if it meets all of the following conditions:

  • Tests are in a Passing state.

  • All mapped Policies have a published version.

  • Mapped Evidence Library artifacts are within their renewal date.

  • Mapped Miscellaneous evidence (files or URLs) is within its renewal date.

  • A control that requires approval is approved.

Evidence is considered invalid if any of the following conditions apply:

  • Tests are in a Failing state.

  • Mapped Policy is not published.

  • Mapped Evidence Library artifact has exceeded its renewal date.

  • Mapped Miscellaneous evidence (file or URL) has exceeded its renewal date.

  • A control that requires approval is not approved.

On the Controls page you can filter controls by their readiness status—'Ready' or 'Not Ready'—to gauge which controls need your attention.

Did this answer your question?