Overview
Solution Capabilities are the specific features or functions powered by a Risk Solution – think of them as the "gears" in the risk management engine. They address risk by providing things like file integrity protection, identity management, or multi-factor authentication, making your Risk Solutions more flexible and effective for tackling different risk areas. One Risk Solution can cover multiple Solution Capabilities. Learn more about Risk Solutions.
Navigating to Solution Capabilities
01
Open Solution Capabilities
Click Solution Capabilities to view and manage your Risk Solution's Capabilities.
After clicking the Implementation dropdown, select Solution Capabilities. You will be able to see each required solution capability.
You can see on the left side that there are many categories for the Solution Capabilities. Those are Solution Capability “families”.
Solution Capability Structure
Solution Capabilities consist of the following categories:
| Columns | Definition |
|---|---|
| Solution Capabilities | Solution Capabilities are the specific features or functions powered by a Risk Solution—think of them as the "gears" in the risk management engine. They deliver targeted outcomes like automated alerts, data analysis, or reporting, making your risk solutions more flexible and effective for tackling different risk areas. |
| Responsible Role | Assigned person for a Solution Capability. |
| Implementation Status | The status on whether the Solution Capability is set or not. |
| Reviewers | Users, teams, or roles assigned to review the Solution Capability. |
| Assurance Review | Status on whether the review is complete or not. |
| Reviewer Comment | Comments from reviewers. |
| Stack | Data Stack |
Reviewing Solution Capabilities
Efficient collaboration and review of Solution Capabilities are key. We focus on minimum inputs for maximum outputs. As such, Solution Capabilities are global in nature and can be mapped to controls across multiple programs to automate delivery of compliance documentation with unmatched speed and simplicity.
Who & How
During review sessions, our Solution Capabilities owners (Editors or Collaborators) often work with GRC admins (Admins or Editors) to implement controls and make necessary adjustments. Reviews are marked and saved in their current state, allowing for continuity across sessions. Who is responsible for the review can be assigned by Responsible Role and/or by individual users. Individual users can be assigned in bulk using the check boxes on the left side of the pane in the Solution Capabilities Implementation list view.
Managing partial or pending implementation
Occasionally, a Solution Capability might be partially implemented or not implemented at all. Here, you can add remarks, set target dates for completion, and even leave review comments. This process ensures accurate tracking and accountability.
What's unique is the wide impact of these Solution Capabilities. For instance, marking a solution as partially implemented in one area affects multiple controls in a program. This shows the importance of each Solution Capability, especially in terms of compliance for federal programs.
Updating Review Status
After implementation, you can mark solutions as reviewed, maintaining a detailed audit trail. Any time a Solution is modified, the review status is updated to "Not Reviewed". If you would like to see what has changed since the last review, you can open the activity log on the page. Then simply click the button again to toggle to "Reviewed" once you are satisfied. This comprehensive approach ensures that when you return to the affected programs, updates are reflected, optimizing both minimum inputs and maximum outputs.
Creating a Solution Capability
To create a Solution Capability, navigate to the appropriate page and click on the "+ Solution Capabilities" button on the top right corner of the screen. Assign a name to the solution and optionally categorize it for easier searching and filtering. After saving, you can add additional information.
- Narrative: A brief statement explaining the capability. It should mention elements from your library. It can also use smart text to automatically populate information unique to a program. Each narrative is associated with a specific responsible role, or the person tasked with making the narrative "true".
- Implementation Status: This field indicates whether the solution is currently in operation, planned for implementation, not implemented, or not applicable for some reason.
- Main Component: This field helps you associate components to a set of capabilities. If left blank, it is assumed that the capability is inherent to the overall system.
01
Select Specific Solution Capability
Click Solution Capability to access detailed settings for a particular capability.
02
Choose Family Category
Click Family to filter or categorize the solution capabilities accordingly.
Overview of Solution Capabilities Dashboard
The Solution Capabilities Dashboard provides a quick status of your implementation status. The percentage indicates the number of Solution Capabilities that have been reviewed.
Additional Features
Other features for Solution Capabilities include the following:
- Import Solution Capabilities
- Download Solution Capabilities
- Download as Template Solution Capabilities
- Download Crosswalk
- Download all Evidence
- Delete All Solution Capabilities
Access these features by clicking the 3 dots right next to the “+ Solution Capabilities” in the top right corner.
01
Click Link for More Options
Click here to reveal additional options related to the selected capability.
02
Click Desired Option
Create Custom Response
Unlike Solution Capabilities, Custom responses are control/requirement specific. Perform the following steps to create a Custom Response from scratch within the Control Implementation Details page:
- Click on the "Add Custom Response" + icon.
- In the menu on the right in the Custom Response header, click "Edit Settings".
- Update Name, Responsible Roles, Implementation Status, and Origination as needed.
Convert Solution Capability to Custom Response
When the Solution Capability is close but needs minor adjustments specific to a particular control/requirement, a Solution Capability applied to the control can be detached and copied as a custom response for customization specific to the control that cannot be applied to other controls or programs. Perform the following steps from the Control Implementation Details page:
- In the menu on the right in the Custom Response header, click "Detach from Library", which copies its details, including text, roles, and implementation status.
- Now, tailor the details to fit the specific nuances of your requirement.
- (Optional) In the menu on the right in the Custom Response header, click "Edit Settings".
- (Optional) Update Name, Responsible Roles, Implementation Status, and Origination as needed.
Convert Custom Response to Solution Capability
- In the menu on the right in the Custom Response header, click "Save as Solution Capability".
- Update the Family, Subfamily, Responsible Roles, and Origination, as needed, and click "Yes" to save.
- A unique Solution Capability is created in the library linked exclusively to your program requirement. Your tailored Solution Capability is reusable to map to other relevant controls across programs.
Solution Capability Generation
Paramify introduced an opt-In AI Solution Capability generation tool. For more information on Solution Capability generation using AI, see Paramify AI.
Comments
0 comments
Please sign in to leave a comment.