1. Implementing Risk Management
  2. Import Template Data Requirements

Import Template Data Requirements

As you enter data into an import template, keep the following in mind:

  • The first column of each worksheet contains ID values. Each must be a number that's unique within its worksheet.

    These values apply only within the template; they're not imported into the Risk Management database. Use them to establish relationships between objects. For example, you create an ID for a control in the Control tab, and an ID for a risk in the Risk tab. Then you specify those IDs in a row of the Risk Control tab to relate the risk to the control.

  • Never enter or modify values in SYSTEM_ID or REVISION_NUMBER columns. For new data, these values should be blank. For existing data, these are system-generated. Any modifications prevent records from being recognized when they're imported, and so generate errors.

  • In each worksheet, some information is required, and some not. If a column contains required data, its header says so. In some cases, though, optional information is highly desirable. For example, on the Control tab, Description isn't required. Typically, however, the description of a control defines what it does to mitigate a risk, and so you'd want to provide one.

  • In general, columns (other than those that display ID values) correspond to fields in the user interface. For example, the Control tab contains an ASSERTION_CODE column. It may contain values you can enter in the Assertions field of the page to create or edit a control. If you're uncertain of appropriate content for a column, review user documentation for the field or page it represents.

  • The value in a NAME column can't exceed 150 characters.

  • In text columns, don't use these characters: ampersand (&), apostrophe ('), hash (#), less than (<), greater than (>), asterisk (*), or equals (=). Also, don't use the Enter key to create a line break.

  • If a column corresponds to a check box on the user interface, enter Y for selected or N for cleared.

  • Some worksheets contain an ACTIVITY_CODE column. Values represent activities you can complete in an assessment. Enter only the following codes:

    Activity Code

    Activity Description

    ASSESS_RISK

    Risk assessment

    AUDIT

    Audit

    AUDIT_TEST

    Audit test

    DESIGN_ASSESS

    Design assessment

    DOC_UPDATE

    Documentation update

    CERTIFY

    Certification

    OPERATING_ASSESS

    Operating assessment

  • When you finish entering data into the template, save it in the .xml file format.