Import Template Data Requirements
As you enter data into an import template, keep the following in mind:
-
The first column of each worksheet contains ID values. Each must be a number that's unique within its worksheet.
These values apply only within the template; they're not imported into the Risk Management database. Use them to establish relationships between objects. For example, you create an ID for a control in the Control tab, and an ID for a risk in the Risk tab. Then you specify those IDs in a row of the Risk Control tab to relate the risk to the control.
-
Never enter or modify values in SYSTEM_ID or REVISION_NUMBER columns. For new data, these values should be blank. For existing data, these are system-generated. Any modifications prevent records from being recognized when they're imported, and so generate errors.
-
In each worksheet, some information is required, and some not. If a column contains required data, its header says so. In some cases, though, optional information is highly desirable. For example, on the Control tab, Description isn't required. Typically, however, the description of a control defines what it does to mitigate a risk, and so you'd want to provide one.
-
In general, columns (other than those that display ID values) correspond to fields in the user interface. For example, the Control tab contains an ASSERTION_CODE column. It may contain values you can enter in the Assertions field of the page to create or edit a control. If you're uncertain of appropriate content for a column, review user documentation for the field or page it represents.
-
The value in a NAME column can't exceed 150 characters.
-
In text columns, don't use these characters: ampersand (&), apostrophe ('), hash (#), less than (<), greater than (>), asterisk (*), or equals (=). Also, don't use the Enter key to create a line break.
-
If a column corresponds to a check box on the user interface, enter Y for selected or N for cleared.
-
Some worksheets contain an ACTIVITY_CODE column. Values represent activities you can complete in an assessment. Enter only the following codes:
Activity Code
Activity Description
ASSESS_RISK
Risk assessment
AUDIT
Audit
AUDIT_TEST
Audit test
DESIGN_ASSESS
Design assessment
DOC_UPDATE
Documentation update
CERTIFY
Certification
OPERATING_ASSESS
Operating assessment
-
When you finish entering data into the template, save it in the .xml file format.