  • Unit 3: Customisation assessment summary sheet

    This unit must be completed separately for each customisation included in the assessment.

    For each customisation:

    • create an entry in the customisation assessment summary table below for each customisation
    • fill in the information in the customisation identity table in the customisation assessment questions
    • answer each question in the customisation assessment questions and record the question score in the score table in this section
    • sum the question scores and total score in the systems score table
    • record the interfaces total score in the summary table below
    • when all customisations have been assessed, sum the scores in the summary table below to create the total score from all customisations
    • enter the number of customisations
    • divide the total score by the number of interfaces to calculate the average customisations score
    • record the average customisations score in the overall risk ratings table.

    Customisation assessment summary table

    Unit 3: Customisation assessment summary table

    | Customisation identity | Customisation total score from unit score table | Tick risk rating if low | Tick risk rating if medium | Tick risk rating if high |
    |---|---|---|---|---|
    | Enter customisation | Enter score | 1–11 | 12–22 | 23–32 |
    | Enter customisation | Enter score | 1–11 | 12–22 | 23–32 |
    | Enter customisation | Enter score | 1–11 | 12–22 | 23–32 |
    | Total score | Enter total of scores | Low: 1–11 | Medium: 12–22 | High: 23–32 |

    After filling out the above table, you need to work out:

    • your total score
    • your total number of customisations

    • the average customisations score.

    Customisation assessment questions

    Unit 3: Customisation identity table

    | Field | Entry |
    |---|---|
    | System or application changed | System |
    | Nature of change | Nature |

    The four questions in this auditable unit are on the following pages. Enter the score from each question in the score table below and sum the scores for the overall rating for this customisation.

    Unit 3: Customisation score table

    | Question | Score | Tick risk rating if low | Tick risk rating if medium | Tick risk rating if high |
    |---|---|---|---|---|
    | 1. Extent | Enter score | 1–3 | 4–6 | 7–9 |
    | 2. Maturity | Enter score | 1–2 | 3–8 | 9–10 |
    | 3. Ownership | Enter score | 1–2 | 3–6 | 7–10 |
    | 4. Documentation | Enter score | 1 | 2 | 3 |

    After filling out the above table, you need to work out your overall total score.

    Fill out the tables below to answer the four questions and the risk rating that you will record with your scores. Also record additional comments and document evidence for each question.

    1. Extent

    Question 1: How extensive are the changes made by this customisation?

    | Possible answers (tick the ones that apply) | Score | Risk rating |
    |---|---|---|
    | Low (from a few to 10% of programs) – reports customisation only | 3 | Low |
    | Medium (more than 10% but less than 50% of programs) – reports and processing customisations | 6 | Medium |
    | High (50% or more of programs) – reports and processing customisations | 9 | High |

    2. Maturity

    Question 2: How long has this customisation been in place?

    | Possible answers (tick the ones that apply) | Score | Risk rating |
    |---|---|---|
    | Over 10 years | 2 | Low |
    | 7 to 10 years | 4 | Medium |
    | 4 to 6 years | 6 | Medium |
    | 1 to 3 years | 8 | Medium |
    | Less than 1 year | 10 | High |
    | Mitigated | 2 | Low |

    3. Ownership

    Question 3: Who developed and maintains this customisation?

    | Possible answers (tick the ones that apply) | Score | Risk rating |
    |---|---|---|
    | Vendor developed & maintained | 2 | Low |
    | Vendor developed & In–House maintained | 4 | Medium |
    | In–House developed & maintained | 6 | Medium |
    | Developed by external party (not original vendor) & In–House maintained | 8 | High |
    | Developed by external party (not original vendor) & maintained by contractors | 10 | High |

    4. Documentation

    Question 4: Do you have any documentation that sets out the specific design of your customisation?

    | Possible answers (tick the ones that apply) | Score | Risk rating |
    |---|---|---|
    | Version controlled specifications, data dictionary and test scripts | 1 | Low |
    | Out of date specifications and no test scripts | 2 | Medium |
    | No specifications and no test scripts | 3 | Medium |

    Last modified: 18 Jun 2019
    QC 59343