Skip to main content
Security Posture Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Creating Findings from Framework Intelligence Results

Erin Conry

Framework Intelligence assessments provide the ability to create findings directly from your FI results. You can create a finding for any control in an FI assessment and immediately move into remediation workflows without leaving the platform.

The system automatically identifies Not Compliant controls as suggested findings, helping you prioritize which compliance gaps require immediate attention. You decide which suggested findings to formalize as findings based on your risk assessment and remediation strategy.

How It Works

When you complete an FI assessment, all controls appear in the assessment results. For each control, you have the option to create an associated finding that ties the compliance result to your remediation workflow.

Creating a finding from an FI control enables you to:

  • Document compliance gaps discovered during the assessment
  • Integrate FI findings into your vendor risk management process
  • Share FI findings with vendors as part of your assessment workflow and track remediation progress

Creating a Finding from an FI Control

Step 1: Open Your FI Assessment

Navigate to Vendor Profile → Framework Intelligence and click on the assessment you want to work with.

Step 2: Select a Control

In the Assessment Details View, locate the control you want to create a finding for. You can create a finding for any control in the assessment, regardless of its compliance status.

In the controls results table, a Findings column displays a finding icon for each control. Click the icon to create a new finding or open an existing one. The icon shows the finding's criticality color if a finding already exists for that control.

Step 3: Complete the Report a Finding Modal

A modal will appear with the following fields:

Required fields:

  • Criticality: Select the severity level for this finding (e.g., Critical, High, Medium, Low)
  • Reported On: The date the finding was identified (defaults to today)
  • Description: A summary of the compliance gap or risk

Optional fields:

  • Compliance Answer: Pre-populated from the FI result (read-only); shows the framework control requirement
  • Remediation Date: Target date for remediation

Step 4: Confirm

Click Confirm. The finding is created with Pending status and is automatically labeled with the FI Assessment category. For managed vendors, the finding is shared immediately within the platform and appears in their Trust Management Hub.

Understanding Suggested Findings

The system automatically identifies Not Compliant controls as suggested findings. These controls are highlighted in your assessment results to help you quickly focus on the highest-priority items requiring remediation.

Suggested findings are:

  • Controls with Not Compliant compliance status that do not yet have an associated finding
  • Visually flagged in your assessment results list
  • Optional to create: you decide whether to formalize each one as a finding

Note: The system does not auto-create findings. You review and choose which suggested findings to create based on your risk prioritization.

Where Findings Appear

Once created, FI Assessment findings are fully integrated into the VRM remediation workflow and appear in:

Vendor Profile:

  • Findings page: All FI Assessment findings for that vendor, labeled with category FI Assessment

Portfolio level:

  • Findings page: Global findings view, filterable by FI Assessment category

FI Assessment Overview:

A findings summary section displays:

  • Total number of findings reported: Count of all findings created from this assessment, regardless of status
  • Needs Remediation: Pending findings awaiting action
  • Closed: Completed findings

Managing Findings

FI Assessment findings have full parity with other findings in VRM. You can:

  • Update criticality, status, and due date at any time
  • Add internal notes, messages, and attachments to track remediation progress
  • Track the finding lifecycle from Pending through Closed
  • Link between the finding and the original FI control for full context

The system prevents duplicate findings for the same control within the same assessment. If a finding already exists for a control, you can view its details but cannot create more than one finding per control.

Sharing Findings with Vendors

FI Assessment findings follow the same sharing behavior as all other findings in VRM:

Managed Vendors:

  • Findings are shared immediately within the VRM platform
  • Vendors see findings in their Trust Management Hub and can respond to remediation requests directly in the platform

Monitored Vendors:

  • Findings can be shared by downloading findings reports (CSV and PDF) via manual communication outside the platform
  • Reports are generated on demand and can be sent to vendors through your usual communication channels

Important Notes

  • Assessment linkage: Each finding maintains a direct link to its source FI assessment and control, allowing you to reference the original compliance evidence
  • Deep linking: From any findings list (Vendor Profile or Findings page), you can navigate back to the original FI Assessment to review the evidence and compliance result
  • No auto-creation: Findings are created only when you explicitly choose to create them; suggested findings are guidance only
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Feedback

0 comments

Please sign in to leave a comment.