Continuous Monitoring & Scans

• Setting Up the Device Vulnerability Agent

  In order to use the Device Vulnerability feature of the OneClickComply platform, you will need to install our agent onto any devices that your business wishes to scan. This article will guide you through the process of setting up Device Vulnerability scanning on your OneClickComply account. IMPORTANT: Our agent is specifically designed for Windows devices, and is provided in partnership with RoboShadow. The agent uses read access on devices to return vulnerability information,Few readers

• Scanning For & Managing Device Vulnerabilities

  Once you have successfully installed the agent across all required devices, you may now begin scanning those devices for vulnerabilities. This article will guide you through the process of conducting a scan, checking the results, and actioning any identified vulnerabilities. Click here for our support article about the device vulnerability agent. Note: Device vulnerability remediation requires purchasing a per-device subscription Once the agent has been installed on your devices, navigatFew readers

• Using the Questionnaire Automation Feature

  Note: As this feature is currently in Beta, it (and this support article) may subject to change. The Questionnaire Automation has been designed to help your organisation save time when responding to due diligence requests. Using this feature, you will simply upload the questionnaire of your choice in .pdf or .docx format, click "Generate", and allow OneClickComplyAI to fill in the responses based on actions you have completed in the OneClickComply platform. Screenshot of the questiFew readers

• Changing Continuous Monitoring Settings

  If you need to update any of your Continuous Monitoring configurations, these can be changed within relevant connections area. To access these settings, select Manage, located underneath the Connections section of Continuous Monitoring Dashboard. See below: Navigation guidance on accessing the connection area of continuous monitoring (https://storage.crisp.chat/users/helpdesk/website/2f1af62ef894ca00/screenshot-2025-02-28-1439031e3ap8l.png =900x230) On this page you will sFew readers

• Viewing Continuous Monitoring Results

  The Continuous Monitoring area allows you to quickly review your compliance progress by checking the results of your most recent continuous monitoring scan. You can access this area by selecting Continuous Monitoring from within the Scanning area. Here's an example of what this area may look like: An example of the continuous monitoring dashboard (https://storage.crisp.chat/users/helpdesk/website/2f1af62ef894ca00/screenshot-2025-02-28-102943m1edx6.png =500x269) As shown in theFew readers

• Reviewing Past Compliance Scans

  Looking back at previous continuous monitoring scans is a good way to judge how far your business has come in its compliance journey. You can access Scan History by selecting Review Compliance History on the Continuous Monitoring page. Once on the page, scroll down slightly to Scan History. You will see a page similar to the example below (as long as continuous monitoring has been enabled and a scan has taken place): An example of the previous compliance scans page (https://sFew readers

• Starting New Penetration Tests

  Penetration Tests on the OneClickComply platform allow you to check your websites and applications for potential vulnerabilities. Once you have navigated to the Penetration Testing area of the platform, you will see a page similar to the following: Example penetration test screenshot (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-164839z8f7fp.png =900x142) A scan has already taken place and been completed, and some high level resultsFew readers

• Reviewing Completed Penetration Tests

  Once your Penetration Test has completed, it will show the Finished status on the main results table, similar to the following: Completed penetration test example (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-164839lp7yas.png =900x142) This table will provide a quick, high-level overview of the scan results. Let's go through the information available to us: Scan ID: A unique identifier for the scan Scan Type: What was choseFew readers

• Actioning Compliance Scans

  Your Compliance Scans act as the blueprint for your entire compliance journey, instructing you on where to place focus, and informing you of any gaps within your security. Let's learn how to respond to any alerts from a scan. Once you have accessed your Scan History, and if there have been any issues detected by a recent scan, you will see a header labelled Scans Requiring Action, as shown by the example below: An example of compliance scans that require attention and have not beFew readers

Policies

• Updating Internal Policies and Notifying Employees

  Once you have added a policy to the Internal Policy Management area, you can send it to employees via email and request that they both read and acknowledge the policy's content. To notify employees, click the Review button on your desired policy, as shown below: Screenshot showing how to review an internal policy (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-04-17-1201561rdoktk.png =900x102) This will open a new window that providesFew readers

• Using a Pre-Written Policy as a Template

  The AutoComplete policy generator allows you to instantly generate over 30 policies, and match their contents to your current security approach. However, if you already have pre-written policies, these can be uploaded to the platform, and serve as your new policy template. To change a policy template, navigate to AutoComplete, and select the policy that you wish to edit, or click Create New as shown below. We'll use the DP-01 Data Protection Policy in this example. Policy templFew readers

• Reviewing and Editing Policies

  You can edit all of your policies by selecting Review on the desired task within the Templates area of OneClickComply. This will take you to the Edit and Publish page for policy templates. Here's what this page looks like: Policy template area example (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-153321q1bje.png =800x472) We've already covered the Status, Last Modified and Modified by tags in a previous articFew readers

• Using Policy Templates

  You can start using policy templates as soon as you get access to the platform. Simply choose one of the templates you want to work on and click Create New. See below for an example: A screenshot showing how to create a new policy (https://storage.crisp.chat/users/helpdesk/website/2f1af62ef894ca00/screenshot-2025-02-25-184233ow7pfh.png =1098x274) Once selected, the platform will begin creating the policy template. When the template has been generated, the page will automatically refresFew readers

Account

• Onboarding Other Users & Account Types

  Your OneClickComply account will have one account owner, and as many administrators and auditor profiles as required. You can access the Account Users area by clicking your name in the bottom on the navigation bar, selecting Organisation Details from the dropdown, then scrolling down to Account Users. You can see an example of this area below: A table showing the different account types within the platform (https://storage.crisp.chat/users/helpdesk/website/2f1af62ef894ca00/scPopular

• Updating Business Details

  You can update your business details within the Manage Account area. You can access this by selecting Organisation Details from the bottom of the navigation bar, as shown below: Guidance for accessing organisation details (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-26-1003494u219h.png =236x628) You can use the Business Details area to update relevant information, as well as to check the standards that you are currently enrolledPopular

Tasks & Compliance

• Task Dependencies

  Sometimes certain tasks will have pre-requisites before they can be completed. These are referred to as Dependencies. A task that is particularly complex, or requires a certain setting enabled in order to be completed, will have a yellow banner above it. This will only be shown when reviewing the task in more detail. Here's an example: Example task with dependency (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-26-1147321fdeinf.png =500x5Popular

• Viewing Control Details & Tasks

  Control Tasks can be accessed by clicking Open on any control, as shown below. This will open up a new page dedicated solely to that control. Let's review control 5.1 for Cyber Essentials. Opening control example (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-112420hsx7vc.png =700x139) Control Details Control details screenshot (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-1Few readers

• Creating, Reviewing, Updating Risks

  Creating Risks Risks can be created by selecting the Create Risk button at the top right of the page. Doing this will open a side window where user will need to fill out information such as: Risk Name: The name of the risk Risk Description: A brief outline/description of the risk Risk Category: What area of the business the risk impacts (e.g. IT services, reputation, financial etc.) Risk Owner: The employee that is responsible for managing the risk Likelihood: A scFew readers

• Changing the Status of Standards

  Once you have connected your environments to the OneClickComply platform, the next step you will need to take will be to chose which compliance standards you would like to work towards. You can do this within the Standards area of the platform. Note: If you had connect an environment prior to the recent UI changes, please ensure that you enable your desired standards, as this is not done automatically. Changing Standard Status When you are on the Standards page, you will see alFew readers

• Reviewing, Actioning, and Completing Tasks

  In order to meet the requirements of a control, and comply with your chosen compliance standards, you will need to complete any Technical or Operational tasks that are associated with it. Let's look at an example Technical task: Example outstanding technical control (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-1222311kzrp5m.png =800x126) As shown above, there is a technical task called "Disable 'Insecure guest logons' inFew readers

• Viewing Controls

  There are two ways that users can access the controls of a compliance standard. These are: Selecting Controls on a particular standard within the Standards area Selecting Control Management from the main navigation bar. The main difference between these two options is that selecting Controls on a specific standard from the Standards page will take you directly to the controls of that standard, whereas Control Management will take you to a list of all controls forFew readers

• Completing Assigned Tasks

  If you have been assigned a task by another user, you can view them from within the My Tasks area of the platform. Inside this page you will see two pages: Assigned Tasks and My Tasks. Assigned Tasks This page shows every task that has been assigned to a user within your organisation. You can expand these tasks to view them in greater detail, or select the View Task button to go to the task completion page. See below: Assigned task example screenshot (https://storage.crisFew readers

• Understanding the Reporting Area

  An important aspect of compliance is understanding both how far you have come, but also how much more work there is left to be completed. The Reporting area allows you to gain a top-down view of your how many tasks you have remaining. This area can be accessed by selecting Reporting from the main menu. Here is an example of what you may find on this page. Example compliance percentages (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-Few readers

• Using the Trust Centre

  The Trust Centre is a public facing area of your compliance journey. It allows your business to evidence various aspects of your compliance journey to any interested third-party, such as implemented controls, aligned standards, and important documentation. Let's go through each area within the Trust Centre individually. Business Details Example business details area (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-171800x242k9.pngFew readers

• Using the Information Asset Register

  The Information Asset Register allows you to store, review, and update various information assets within your organisation. This area can be accessed through the ISMS area of the Compliance tab. Once inside the Information Asset Register area, you will see a page similar to the following: Example information asset register (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-161357ejt79e.png =800x185) As shown above, there is a BusinesFew readers

• Adding Vendors to the Vendor Risk Management Area

  Once you have navigated to the Vendor Risk Management area, you will see a page similar to the following: Adding a vendor screenshot (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-16361216oj792.png =900x252) You can add new vendors to this table by selecting the Add Vendor button, as highlighted above. This will open a new window where you can input information related to the vendor. Let's see what information is needed:Few readers

• Signing Your Completed Cyber Essentials Questionnaire

  Once you have clicked the Submit button at the end of answering your Cyber Essentials questionnaire, the document will begin generating. The OneClickComply platform will combine your own answers with the technical controls that you have implemented through the platform, creating a document that accurately reflects the processes that you currently have in place. You can access your in-progress and completed documents within Questionnaires area of the Cyber Essentials Questionnaire paFew readers

• Completing the Cyber Essentials Questionnaire

  Using the OneClickComply platform, you can easily complete the self-assessed questionnaire needed for Cyber Essentials certification. Any tasks that you have automatically fix, or completed manually, will be automatically inputted into the relevant areas of the questionnaire, ensuring that your answers are fully aligned with the security processes that you have in place. Let's have a look at the steps needed to complete a questionnaire within the OneClickComply platform. When you first click oFew readers

• Reviewing Audit Logs

  Audit logs serve as a record of any changes or alterations made within a businesses IT systems. Auditors can use these record to examine configurations, cross-reference settings against security standards, and determine whether a business has been in compliance with a cyber security framework or standard. You can access your audit logs by clicking Reporting on the main menu, and then selecting Audit Log from the drop down. Once in the Audit Log area, you will see a table similar toFew readers

• Adding a Policy to Internal Policy Management

  The Internal Policy Management area allows you to upload policies, distribute them to employees, and track their acceptance across your entire business. To add a new policy, navigate to the Internal Policy Management area, located within Compliance < Policies, and select New Policy as demonstrated below: Screenshot showing how to add a new policy to the internal policy management area (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-202Few readers

• Finding Risks Within the Risk Register

  The Risk Register allows you to create and maintain an accurate record of risk that your business faces, and can be accessed through the ISMS area within the Compliance tab. Once in Risk Register area, you will see a table of all the risks that have been created within the OneClickComply platform, similar to the following: Risk register example screenshot (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-154139vuttbo.png =800Few readers

• Reviewing Task History

  Reviewing tasks in the Task History area is a critical component of managing your compliance, as it is a record of all the tasks that have been completed within the platform. Once in Task History, select Review next to the task you wish to see in more detail, as shown by the example below: Task history review screenshot (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-1511035x0i85.png =800x92) Doing this will open a new windowFew readers

• Managing Integrations

  Integrations with third-party applications allows OneClickComply to fully utilise its automation capabilities. You can locate your connected integrations by selecting Integrations from the main menu, then clicking Marketplace. Once on the integrations page, select Manage on any of your currently connected apps. See below for an example: Example integrations page (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-1722461wra22b.pngFew readers

• Adding Physical and Virtual Assets to the Register

  The Physical & Virtual Asset Register allows you to keep track of important assets within your business, and comply with standards such as ISO 27001 and SOC 2, as they require an up-to-date list of both physical and virtual assets, including tings like laptops, servers, virtual machines, cloud resources, and software applications. Once you have accessed the Physical & Virtual Asset Register, you will be presented with a page similar to the following. To add a new asset, click the CreaFew readers

• Reviewing and Recording Incidents

  Documenting and responding to risks is a core component of compliance with standards such as ISO 27001 and SOC 2. The OneClickComply platform allows you to collate all of the incidents that have occurred within your business, and document them in one central place. Let's have a look an example incident on the main Incident Management screen: Example incident management area (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-06-25-16301718w84vo.Few readers

• Assessing Third-Party Vendors for Risks

  Through the Vendor Risk Management area, you can determine the amount of risk that a third-party vendor presents to your business. This can be achieved by using the Risk Scoring function. Let's look at the example below: Screenshot of an example third-party vendor (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/screenshot-2025-04-16-145914sfe7o2.png =437x600) In this example, we have a added a third-party vendor imaginatively called 'Example Vendor'. ThisFew readers

• Enabling Task Completion Notifications

  The OneClickComply platform also supports the ability to notify users when a task has been completed successfully. This removes the need to go back and forth between the audit log and the task in question. To enable this setting, you will need to select your name from your name at the bottom of the Navigation bar, then select Organisation Details, as shown below: Guidance for accessing organisation details (https://storage.crisp.chat/users/helpdesk/website/-/2/f/1/a/2f1af62ef894ca00/scFew readers

• Creating and Reviewing Information Assets

  Creating Information Assets You can create/store information assets by pressing the Create New asset button, located at the top right of the page. Doing this will open a side window where you can add the following information: Asset Name: The name of the asset Asset Owner: The employee in charge of the asset Storage Location: Where the information is stored Classification: Whether the information is confidential, secret, public etc. Retention Period: How long the iFew readers

Show more articles