Evidence Evaluation

  1. Did the supplier provide a valid ISO and SoA? Yes No

Assessor’s Comments

  1. Did they provide a response? If No, click here
  2. Is the control a Data Privacy Question? Yes No
flowchart TD
A([Start QA Process])
A --> B[Step 0: Confirm Assessor used latest approved DDQ template]
B --> C[Step 1: Open DDQ Sheet]
C --> C1["Read Supplier Name & Questionnaire Type from filename"]

C1 --> D[Step 2: Executive Summary Review]
D --> D1[Confirm Service Description in B6]
D1 --> D2["Check Assessment Date in C11 (UK format)"]
D2 --> D3[Read Certificate details in C13]

D3 --> E[Step 3: Return to DDQ Sheet]
E --> E1[Count Total Questions]
E1 --> E2{Filters hiding questions?}
E2 -- Yes --> E3[Remove filters and recount]
E2 -- No --> F
E3 --> F

F["Confirm DDQ Type & Expected Question Count"]

F --> G["Step 4: Check ISO Indicator Cell (I8/H8)"]
G --> H{ISO Certificate stated?}

H -- No --> Z1[Proceed without ISO coverage]

H -- Yes --> I[Step 5: Validate ISO Certificate]

I --> I1[Open ISO Certificate]
I1 --> I2{ISO Version?}

I2 -- 27001:2022 --> J
I2 -- 27001:2013 --> I3{"Valid >3 months from QA date?"}
I3 -- No --> ESC1["Escalate: Pause assessment & request new cert"]
I3 -- Yes --> J

J["Validate Statement of Applicability (SoA)"]
J --> J1{SoA provided?}

J1 -- No --> ESC2["Escalate: Request SoA & pause work"]
J1 -- Yes --> J2[Check dates, version alignment, scope]

J2 --> J3{Controls mapped correctly?}
J3 -- No --> ESC3[Escalate incorrect mapping]
J3 -- Yes --> J4[Confirm service description covered]

J4 --> J5{Cloud DDQ?}
J5 -- Yes --> J6[Auto-cover 255/289 if ISO+SoA valid]
J5 -- No --> K
J6 --> K

K["STOP & THINK: ISO + SoA both valid?"]
K -- No --> ESC4[Immediate escalation to SSC]
K -- Yes --> L

L[Step 6: Update ISO Comment in DDQ Cell J8/I8]
L --> M[Apply correct template text]

M --> N[Step 7: Update Executive Summary]
N --> N1[Describe QA process]
N1 --> N2[Count supplier vs assessor responses]
N2 --> N3["Insert DDQ Risk Rating & Overall Rating"]
N3 --> N4[Insert SecurityScorecard Rating]

N4 --> O["Step 8: Evidence & SSC Review"]
O --> O1[Validate Evidence count]
O1 --> O2["Validate SSC narrative & images"]
O2 --> O3[Validate Gap Analysis counts]
O3 --> O4{Total Score = 0?}
O4 -- Yes --> O5[Insert positive recommendation]
O4 -- No --> P
O5 --> P

Z1 --> P
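The ISO and SoA gate in the flowchart (Step 4, Step 5 and the STOP & THINK check at K) is a decision path that a QA reviewer can automate as a consistency check before signing off a DDQ. The script below is an added example and not part of the original QA documentation or any template referenced on the page: the DDQRecord fields, the function names and the sample records are constructed for this illustration, and the handling of an ISO version the chart does not name (treated as failing the K gate) is an assumption. It encodes the 2013-certificate rule (valid for more than 3 months past the QA date), the four escalation points and the Cloud DDQ auto-cover of questions 255 and 289.

```python
import calendar
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Constructed record of the inputs the flowchart reads; field names are
# hypothetical and do not correspond to cells in the DDQ template.
@dataclass
class DDQRecord:
    supplier: str
    ddq_type: str                 # e.g. "Cloud" drives the J5 branch
    iso_stated: bool              # Step 4: ISO indicator cell populated
    iso_version: Optional[str]    # "27001:2022" or "27001:2013"
    iso_expiry: Optional[date]    # certificate expiry date
    soa_provided: bool            # J1
    soa_aligned: bool             # J2: dates, version and scope agree
    controls_mapped: bool         # J3
    service_covered: bool         # J4

@dataclass
class QAOutcome:
    outcome: str                  # "proceed", "proceed_without_iso" or "escalate"
    escalation: Optional[str] = None
    auto_covered: List[int] = field(default_factory=list)

def add_months(d: date, months: int) -> date:
    """Calendar-aware month addition; the day is clamped to the target month's length."""
    m0 = d.month - 1 + months
    year, month = d.year + m0 // 12, m0 % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)

def iso_2013_valid(expiry: date, qa_date: date) -> bool:
    """I3: a 27001:2013 certificate must remain valid for more than 3 months past the QA date."""
    return expiry > add_months(qa_date, 3)

def qa_iso_soa_gate(rec: DDQRecord, qa_date: date) -> QAOutcome:
    """Walk Steps 4-5 and the STOP & THINK gate, stopping at the first escalation."""
    # H -- No --> Z1: no certificate stated, proceed without ISO coverage
    if not rec.iso_stated:
        return QAOutcome("proceed_without_iso")
    # I2 / I3: only a 2013 certificate is subject to the 3-month validity check
    if rec.iso_version == "27001:2013":
        if rec.iso_expiry is None or not iso_2013_valid(rec.iso_expiry, qa_date):
            return QAOutcome("escalate", "ESC1: pause assessment and request new certificate")
    elif rec.iso_version != "27001:2022":
        # Assumption: a version the chart does not name cannot pass the K gate
        return QAOutcome("escalate", "ESC4: immediate escalation to SSC (ISO version not recognised)")
    # J1: SoA must be present
    if not rec.soa_provided:
        return QAOutcome("escalate", "ESC2: request SoA and pause work")
    # J3: controls must be mapped correctly
    if not rec.controls_mapped:
        return QAOutcome("escalate", "ESC3: escalate incorrect mapping")
    # K: STOP & THINK, ISO + SoA both valid (J2 alignment and J4 service coverage)
    if not (rec.soa_aligned and rec.service_covered):
        return QAOutcome("escalate", "ESC4: immediate escalation to SSC")
    # J5 / J6: a Cloud DDQ auto-covers questions 255 and 289 once ISO + SoA are valid
    covered = [255, 289] if rec.ddq_type == "Cloud" else []
    return QAOutcome("proceed", auto_covered=covered)

# Constructed sample data: a QA date and four suppliers exercising different branches.
QA_DATE = date(2024, 6, 1)
SAMPLES = [
    DDQRecord("Supplier A", "Cloud", True, "27001:2022", date(2026, 1, 1), True, True, True, True),
    DDQRecord("Supplier B", "Cloud", True, "27001:2013", date(2024, 8, 15), True, True, True, True),
    DDQRecord("Supplier C", "Standard", True, "27001:2013", date(2025, 1, 1), False, False, False, False),
    DDQRecord("Supplier D", "Standard", False, None, None, False, False, False, False),
]

def review_all(records: List[DDQRecord], qa_date: date) -> dict:
    """Return supplier name -> outcome for a batch of DDQ records."""
    return {r.supplier: qa_iso_soa_gate(r, qa_date) for r in records}

if __name__ == "__main__":
    for name, result in review_all(SAMPLES, QA_DATE).items():
        print(f"{name}: {result.outcome} {result.escalation or ''} {result.auto_covered}")
```

Supplier B's 2013 certificate expires on 15 August 2024, which is inside the three-month window from the 1 June QA date, so it is the ESC1 case; Supplier A passes every gate and picks up the 255/289 auto-cover because its DDQ is the Cloud type.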