Request lifecycle

A Request in Portal is used to organize a security assessment. The general workflow is:

  1. Create a Request. This is sent to the team responsible for reviewing and scoping assessments.

  2. Receive a Proposal. This is a proposal to test, which may be accompanied by a formal document covering the deliverables, costs, etc. This is known as a Statement of Work (SoW).

  3. Accept or Reject the Request.

This all starts with the Request Wizard. Let’s jump right into creating a request!

Creating a new Request via the Request Wizard

To make a new request, click on the New Request button:

You will then be presented with the New Request Wizard. The first step of the wizard requests some general information (this is configurable by Canopy/Portal Administrators, so your request might look different):

image-20210512160043901

Next, you can choose the types of assessments you would like to request:

image-20210512162546436

Each selected assessment will have an associated number of questions that you should complete to the best of your knowledge:

image-20210512160303410

You can also upload any supporting files you might want to share (e.g. API documentation, network diagrams, and so on):

image-20210512162604706

You can Save the wizard at any time. This is helpful if you need to come back with further information later. If you Cancel without saving, any changes will be lost (you will be warned about this before). If you have not saved the request wizard at any point, no entry will be saved in Portal and you’ll have to start the Request over again.

On the final screen of the wizard, you can review the information before you submit it. When you’re ready, click the Submit Request button:

image-20210512165003807

If not, you can delete the Request.

Viewing and editing an existing Request

Requests can be viewed on your Dashboard, and also by clicking on the Requests menu in the top navigation bar:

image-20210512170323677

Note

Requests are filtered based on your access to them.

Request states [TODO]

If you have saved a Draftrequest previously, you can continue editing it by clicking on the dropdown:

image-20210512170305203

Requests that have already been submitted cannot be edited. If you need to change your requirements, contact the assessment team.

Accepting a request

Once a Request has been processed by the supporting team, you will receive a Proposal from the assessment team. This may also include a Statement of Work.

image-20210617131845955

Once you Accept, the request will be updated for the test team and they will start the next stage of the assessment process (scheduling, ensuring requirements are in place, etc.)

Cancelling or Rejecting a request

If you need to cancel (or reject) the assessment request, you can do so from the same Request view shown above. When the status of the Request is in the Proposal stage, you will have the option to Cancel (as normal) and also to Reject:

image-20210617131747165