Skip to main content Link Menu Expand (external link) Document Search Copy Copied
In this article:
  1. Assessment Data Import
    1. Downloading the Import Template
    2. Data Structure
      1. Responses Sheet
      2. Action Items Sheet
      3. Notes Sheet
      4. Links Sheet
      5. Owner Rationale Sheet
    3. Creating an Assessment via Import

Assessment Data Import

Axio360 allows data import for supported assessment models. This allows users to migrate their manual assessment data into Axio360. An assessment import template is available for download from the Axio360 product.

The Target Source drop-down on the New Assessment modal should not be used during initial assessment creation via import workflow. If a target profile is supposed to be applied, create and save the assessment first and afterwards apply a Target Profile.

Downloading the Import Template

To download a template:

  1. In Axio360, navigate to Assessments.
  2. Select, for example, a New C2M2 v2.1 Assessment.
  3. On the New Assessment modal, scroll to the AssessmentTemplate download link.

Assessment Template download link

The following models do not support the import option via template:

  • C2M2 (previous versions)
  • CMMC
  • CMMC v2
  • CRI
  • FFIEC1
  • ISO 27001
  • RPA (Ransomware)

Data Structure

The template file has 5 data sheets:

  • Responses
  • Action Items
  • Notes
  • Links
  • Owner Rationale

Each datasheet has a different set of columns to match the model structure on import.

  • The names of the data sheets and the column names on each sheet are mandatory and need to match.
  • The Practice FQNs are formed based on abbreviated Domain, Category, and Practice references. Those building blocks of the IDs are visible in the Axio360 UI when looking at an assessment. Domains and category names are used to create an abbreviated match.
  • Dimensions are identified by lowercase letters, starting with a. If a model uses four dimensions, a, b, c, and d are used.
  • Dates are in yyyy-mm-dd format. This column should be formatted as a text column to prevent Excel algorithms from changing the data structure.
  • Certain columns expect states reflected via TRUE/FALSE value. This column should be formatted as a text column.

Responses Sheet

Columns Description
Practice FQN The Practice FQNs make up the first column of each data sheet. These have to match the model reference IDs, which are the Domain, Practice and Control identifiers. For example, DE.AE.1.

Where,
- the first two letters identify the domain, such as ID for Identity, DE for Detect, etc.
- the second set of letters identify the category, such as AM for Asset Management, SC for Supply Chain Risk Management, etc.
- the number identifies the control.

Responses examples
Practice Name The actual name of the practice is reflected in the UI title.
Current Level Your assessment’s current level of compliance. For a NIST CSF assessment the data to answer are abbreviations for
- not implemented = NI,
- partially implemented = PI,
- largely implemented = LI, and
- fully implemented = FI.
Target Level Your assessment’s target level of compliance. For a NIST CSF assessment, the data to answer are abbreviations for
- not implemented = NI,
- partially implemented = PI,
- largely implemented = LI, and
- fully implemented = FI.
Target Date Your target date for achieving the target level of compliance.
Company Help Text Any company-specific help text.
Dimension If dimensions are used, for example, in a CIS assessment, they are specified and mapped as
- a for Policy Defined
- b for Control Implemented
- c for Control Automated or Technically Enforced
- d for Control Reported to Business

Action Items Sheet

Columns Description
Practice FQN Refer to Practice FQN description for the responses sheet.

Action items example
Text The action item scope/instruction.
Due Date Identifies when the action item is due.
Is Done Indicates a status of done for that particular action item. This column accepts TRUE or FALSE as entries to reflect is done as TRUE.
Done Date Indicates when an action item is complete.
Assignee Name or email address of the person assigned to the action item.
Practice Name The actual name of the practice is reflected in the UI title.
Is Linked Links to artifacts or references.

Notes Sheet

Columns Description
Practice FQN Refer to Practice FQN description for the responses column.

Notes example
Text Plain text.
Is Internal This column accepts TRUE or FALSE as entries to reflect is internal as TRUE.
Author Name of person entering the note.
Tags Tags for the notes as a comma-delimited list.
Practice Name The actual name of the practice is reflected in the UI title.
Columns Description
Practice FQN Refer to Practice FQN description for the responses column.

Links example
Author Name of person entering the links.
Location File path or URL.
Name The friendly name for the link display in the UI.
Owner Rationale Evidence data.
Rationale Author Evidence data.
Rationale Timestamp When the evidence was added.
Evidence Help Text Any customer-provided help text for the provided evidence.
Practice Name The actual name of the practice is reflected in the UI title.

Owner Rationale Sheet

Columns Description
Practice FQN Refer to Practice FQN description for the responses column.

Owner rationale example
Author Name of person entering the rationale.
Rationale Plain text.
Timestamp Date rational was entered.
Practice Name The actual name of the practice as reflected in the UI title.

Creating an Assessment via Import

  1. Navigate to Assessments.
  2. From the bottom of the navigation menu, use the New Assessment option.
  3. On the new assessment modal, enter a name and description for your assessment.
  4. Scroll to the Upload Assessment Answers from Excel section.

    New Assessment modal import data section

  5. Use the Drag files or click here option to import/select your data source file.
  6. Axio360 inspects the data source and provides a list of errors found in the file. Resolve errors before proceeding with the import.

    Error indicators for import data

    Click Cancel and return to your source file to fix any listed issues.

Repeat the import steps until all errors are resolved or you feel comfortable that you can fix any issues after the import completes.