Define the audit scope

Scoping filters allow you to include only relevant evidence data in the audit

Overview

Scytale saves you time by automatically collecting evidence through many integrations.
To provide the most relevant evidence for the audit, Scytale developed a filtering interface that allows you to customize the evidence data.

If some of the data is irrelevant to your audit scope, you can filter it out and include only the relevant evidence. If the company is being audited for multiple products, the scoping filters will streamline the audit process, since each product's data can be defined separately.

Defining the scope using the filter interface

Filter creation flow

Important notes:

💡 Filters define the audit scope and affect the collected evidence; they are not for display purposes only.

💡 When filters are applied, evidence will be updated and tasks might be affected (depending on the audit scope that is defined).

How to create a filter?

📍Location: the filters are available when you open the evidence in automatic monitoring.

  1. Go to the relevant audit & product for which you need to create a filter.
  2. Go to the relevant automatic control and open the control item.
  3. Click to open the evidence whose results you want to filter.
  4. Click on "Create filter".
  5. Define what is in scope of your audit.
    💡 It may be easier to define what is out of scope by excluding data from the evidence with the appropriate operator (e.g. not equals, excludes, not between).
    1. Select a column - since some columns relate to integration test logic, they cannot be filtered. The column dropdown shows the available columns and the columns that cannot be filtered (disabled).
    2. Select an operator - the operators become available after you select a column, since they are defined by the column type.
      1. Below you can find examples of operators used.
    3. Add a filtered value - specify the value you wish to filter.
      1. You can use the table to paste the exact value you want to filter.
      2. If the column type is boolean or integration, select the value from a dropdown list.
  6. When you are finished with the filtering, click the "Apply Filter" button.
  7. Clicking "Apply filter" moves you to the next step of providing a reason and defining the audit scope.
    1. What is the reason?
      The reason is attached to the filter and documented to show why the filter is applied and to give the filter the right context.
      1. You need to provide a reason when applying a filter to the evidence results. This is a mandatory step.
      2. The filters you create aren't just for a temporary view of the evidence; they are saved permanently. Thus, providing a reason is crucial.
        The reason is displayed in the evidence IPE, and if the audit is conducted by the auditor, it's also visible to them. For compliance, we have to justify why this data is irrelevant to the audit.
    2. Audit scope:
      Scytale allows you to apply the same filter to all audits or to a specific audit, instead of applying the same filter many times.
      The audit scope is presented differently on different screens, as detailed below:
      1. Monitoring screen - applied to all audits by default. You can change it by clicking the toggle button and selecting which audit you wish to filter.
      2. Audit screen - applied to all audits by default. You can change it by clicking the toggle button, and the filter then applies to the current audit.
  8. Clicking "Confirm" applies the filter scope, and the evidence and IPE are updated accordingly.
    1. Automatic tasks from integrations are closed if the filter is applied to all active audits.
    2. Automatic tasks are not affected if the filter is applied to a specific audit.
  9. The "Applied Filter" button near "Create Filter" allows you to see and manage the filters you created.
  10. If you have applied a filter and want to make changes or add new conditions to it, you can edit it.

Editing a filter

This option becomes visible after you have created at least one filter.
📍Location: filter editing is available when you open the evidence in automatic monitoring.

  1. Go to the relevant audit & product for which you need to edit a filter.
  2. Click to open the evidence whose results you want to filter.
  3. Click on the "Applied Filters" button.
  4. You can see the list of filters. For each filter, you can see the following details:
    1. Filter creation date.
    2. Audit scope - all audits or this audit (the audit from which you opened the evidence).
    3. Delete filter button - deleting the filter has the following effects:
      1. The evidence is updated to reflect the deletion of the filter.
      2. If the filter was applied to all audits, tasks for non-compliance issues are reopened.
    4. Edit filter button - you can edit and change existing filters flexibly (adding new conditions to the same filter, updating existing conditions, etc.).
      1. After entering edit mode, you have the option to save the filter or cancel (without saving the changes).
      2. Edit filter details button - allows you to edit the reason or the audit scope defined for the filter (only in case it changed).

Additional information

A few examples of what filters are used for:

  1. The repository list is pulled from the GitHub integration. Some repositories aren't used for production (e.g. development-only repositories). In this case, it is possible to filter out the development repositories from the evidence.
  2. In cloud provider integrations (AWS, GCP, Azure), the data is pulled with the account identifier. If your company separates data by account identifiers, using the filters allows the audit data to be displayed for the relevant accounts related to the audit.
  3. In the case of a company with multiple products, you can customize, in each piece of evidence, the integration data relevant to each product.