Action Plans

Learn how to write Action Plans when control tests fail.


Management Action Plans are a way to correct course if there is a gap in evidence collection, or if the evidence is found to be inaccurate. This article will discuss how Management Action Plans (MAPs) are created.

The Evidence Reviewer Role

The Reviewer's role in evidence collection is to review and approve evidence that has been uploaded. A Reviewer can determine if the evidence is acceptable, or if remediation is necessary.

The icons below display multiple evidence collection periods and their different stages:

The purple Unassigned folder is available for supplemental information and is not associated with any specific timeframe.

The yellow folder indicates that the timeframe is coming to a close and therefore requires evidence collection before the end of the indicated timeframe.

The red folders indicate that evidence collection is past due and was not completed. The locked folder indicates that the time period in which evidence can still be submitted has elapsed. The evidence collection period closes 2 periods past the indicated timeframe; in this example, June 2022's period closed in the current period, August 2022.

The blue folder indicates evidence has been uploaded and approved by the reviewer for the indicated timeframe.

Creating a Management Action Plan

A Reviewer can create a Management Action Plan by clicking on the red, locked folder and selecting Fail Period review from the Incomplete icon's dropdown.

NOTE: Periods are not generated while a MAP is in effect. There isn't a reason to gather evidence if it's not meeting the spirit of the policy or procedure.

Plan Assignment

Plan Author. After failing the period review as shown above, a Management Action can be opened. Select an author for the plan - choose a policy or department manager who will be responsible for writing the plan.

Plan Due Date. Set a due date for the written plan. The plan itself will have its own due date; this date concerns the delivery of a completed plan.

Reason for Failure. The final step for Plan Assignment is to provide an explanation to the Author as to how/why the evidence failed. Be very detailed in your description. What was wrong with the submitted evidence? How did it fail to demonstrate compliance with the procedure, policy or control requirement?

Plan Submission

The author of the Management Action Plan will now be able to submit a plan within this evidence card.

Plan Completion Date. First, the author will select a date on which this plan will be completed.

Plan. This plan should be as detailed as possible. Explain what steps are required to resolve the issue. Does policy need to be re-written? Procedures? Are structural changes in the organization required?

Plan Approval. Once the plan has been submitted, the Reviewer can accept or reject the plan. Rejecting the plan will send it back to the author for further edits/corrections. This cycle can continue for as long as necessary.

Plan Completion

After the plan has been completed, it's up to the author to explain how it was completed: Did we follow the previously written plan? Were there other items addressed? In most cases, you should expect that procedures and the evidence template description required changes. This is a great place to talk about those changes.

Plan Acceptance

After the author submits this, the reviewer can reject or accept with comments. Once accepted, the plan is closed.

After accepting the plan, the icon for that month's evidence turns blue with an exclamation point icon, indicating a Management Action Plan has been accepted for that period.

Clicking on that month's evidence will show the timestamped MAP submission, with the ability to click the dropdown for further review.
