In this article, we will cover the different Answer Type options available when creating an Assessment.
Users can choose between many answer types when creating an Assessment. Default options include many common generic answer types such as the SCF maturity model (SCF CMM), Yes/No, etc. However, the platform also provides the option to select from ~30 different scoring criteria based on specific frameworks. Some of these include NIST, HITRUST, AICPA and CMMC scoring rubrics, among others. Additionally, custom answer types can be configured to fit any answer type and scoring rubric that is needed.
1. SCF CMM (Secure Control Frameworks Capability Maturity Model) is recommended for all frameworks, except HITRUST and HLCA (High Level Control Audit). Below is an example of what your assessment responses will look like if you choose this answer Type. (ex. Level 1, Level 2, Level 3, etc.) Each level will provide you with a specific description of what should have been achieved to meet that respective level selection. Based on your selection, you might also be asked to provide evidence to support your selection.
2. HITRUST CMM (HITRUST Capability Maturity Model) is recommended for HITRUST Assessments. Below is an example of what your assessment responses will look like if you choose this answer Type. (ex. Policy, Process, Implemented, etc.) Each level will provide you with a specific description of what should have been achieved to meet that respective level selection. Based on your selection, you might also be asked to provide evidence to support your selection.
3. Simple CMM (Simple Capability Maturity Model) is recommended for Custom Assessments. Below is an example of what your assessment responses will look like if you choose this answer Type. (ex. Fully, Almost, Mostly, etc.) Based on your selection, you might also be asked to provide evidence to support your selection.
4. Ostendio CMM (Ostendio Capability Maturity Model) is our own model recommended for customers completing Ostendio's Security Framework. Below is an example of what your assessment responses will look like if you choose this answer Type. (ex.Stated Compliance, Documented Policy and Evidence of Compliance) Based on your selection, you might also be asked to provide evidence to support your selection.
5. Custom answer Type will allow you to choose any of 5 additional options including:
- Text Reponse
- Single Select
- Multiple Select
- Yes/ No
- Scale (1-5). Select the Custom answer Type that is required for the Assessment use case.
As you can see, each answer Type option will dictate how information is collected while you answer your assessment questions.
Please choose accordingly.