Reviews and Attestation in Standards
Attestation keeps your compliance programme current by requiring periodic reviews of individual requirements. When a requirement needs regular confirmation—such as an annual policy review or a quarterly risk assessment—attestation tracks whether that review is up to date, approaching its due date, or overdue.
Why attestation matters
Standards are not one-off checklists. Many requirements need ongoing verification to stay valid. Attestation lets you set a review interval for each requirement, then tracks whether the review has been completed on schedule. This creates an audit trail and helps compliance officers spot gaps before they become violations.
How attestation is set up
Attestation is configured on a requirement when the standard is being authored or edited. For each trackable requirement, you can enable Require Periodic Attestation and set a review interval—such as three months, six months, or one year. This interval is part of the standard definition, so every site that adopts the standard inherits the same review schedule.
After a site adopts the standard, the site manager links the requirement to an actual review policy and assigns the recipients who will perform the review. The interval you set at the definition level determines how often those recipients must confirm the requirement is still met.
Understanding attestation health
Each requirement with attestation enabled shows a health indicator in the requirement tree. The indicator tells you the current review state at a glance:
| Health label | What it means | What to do |
|---|---|---|
| Up to Date | The latest review has been completed and the next review is not yet due. | No action needed. |
| Due Soon | The next review is approaching its due date. | Prepare the review or remind the assigned owner. |
| Overdue | The review has passed its due date without being completed. | Complete the review immediately. This is a compliance gap. |
| Initial Review Due | The standard is active but the first review has never been completed. | Complete the initial review to bring the requirement up to date. |
| Not Configured | The requirement calls for attestation but no review policy has been linked at the site. | Link a review policy and assign recipients in the requirement settings. |
How health is determined
The system compares the requirement’s attestation interval against the linked review policy and the last completed review date:
If no review policy is linked, the state is Not Configured.
If the standard is active but no review has ever been completed, the state is Initial Review Due.
If the next review date has passed, the state is Overdue.
If the next review date falls within the due-soon window, the state is Due Soon.
Otherwise, the state is Up to Date.
The system also warns you if the linked review policy’s interval is less frequent than the standard requires. For example, if the standard demands a six-month review but the linked policy only runs annually, the requirement will flag a gap even if the latest review is technically up to date.
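The rule order above, together with the interval-gap warning, as an added sketch in Python (not the product's own code). The 30-day due-soon window, day-based intervals, the `Requirement` model, and deriving the next review date as last review plus the required interval are assumptions; the page does not specify them.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

# Assumption: the page does not state how long the due-soon window is.
DUE_SOON_WINDOW = timedelta(days=30)


@dataclass
class Requirement:
    """Hypothetical model of one requirement with attestation enabled."""
    required_interval_days: int          # interval from the standard definition
    policy_interval_days: Optional[int]  # None = no review policy linked at the site
    last_review: Optional[date]          # None = no review completed yet


def attestation_health(req: Requirement, today: date) -> Tuple[str, bool]:
    """Return (health label, interval_gap) for an active standard.

    Rules are checked in the order the page lists them; the first match wins.
    interval_gap is True when the linked policy reviews less often than the
    standard requires, and is reported regardless of the label.
    """
    if req.policy_interval_days is None:
        return "Not Configured", False
    gap = req.policy_interval_days > req.required_interval_days
    if req.last_review is None:
        return "Initial Review Due", gap
    # Assumption: next review date = last review + required interval.
    next_due = req.last_review + timedelta(days=req.required_interval_days)
    if today > next_due:
        return "Overdue", gap
    if today >= next_due - DUE_SOON_WINDOW:
        return "Due Soon", gap
    return "Up to Date", gap


if __name__ == "__main__":
    today = date(2024, 7, 1)  # constructed sample data
    samples = {
        "no policy linked": Requirement(180, None, None),
        "never reviewed": Requirement(180, 180, None),
        "quarterly, reviewed 1 Mar": Requirement(90, 90, date(2024, 3, 1)),
        "six-monthly, reviewed 20 Jan": Requirement(180, 180, date(2024, 1, 20)),
        "six-monthly std, annual policy": Requirement(180, 365, date(2024, 6, 1)),
    }
    for name, req in samples.items():
        print(name, "->", attestation_health(req, today))
```

The last sample is the case described in the paragraph above: the label is Up to Date, yet the gap flag is set because the annual policy is less frequent than the six-month requirement.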
What you see during adoption
While a standard is in the Adopting state, the health indicators are softened because the programme is not yet live:
Not Configured appears with a warning tone rather than an error tone.
Due Soon and Initial Review Due appear with a success tone rather than a warning tone.
Up to Date is displayed as Attestation: Configured.
The last review date is shown as Not yet started.
The next review date is shown as Starts when standard is activated.
This tells you that attestation is set up correctly without creating false alarms before the standard goes live.
Hovering an indicator
When you hover over an attestation indicator in the requirement tree, a summary card appears with details such as:
The required review interval
Whether a review policy is mapped
The next review due date
The date of the last completed review
If the standard is still adopting, the card may show Not yet started or Starts when standard is activated instead of actual dates.
What is next
To set up attestation review directly on a requirement, see Set up attestation review for a standard requirement. For broader requirement configuration, see Configure Standard Requirements. For an introduction to the Standards module, see the Standards Overview.