Configuring Display Rules for Questionnaires

Display rules allow you to configure conditional logic that determines when particular questions are displayed to users. You can use a single questionnaire for all targets of 1 type (such as all vendors), even if those targets vary in their individual attributes. The Show and Hide rules options enable you to display specific questions within a questionnaire record based on the attributes of your questions and of the assessment target. Without display rules, you would have to create separate questionnaires for each variation of your target type. For example, you would have to create 1 questionnaire for vendors that have access to your confidential data and another questionnaire for vendors that do not.

Display rules and question filters

Display rules are based on either category or filter properties that you assigned to a question.

For example, for a questionnaire that assesses targets in your Vendors application, you could create a display rule so that if a vendor handles the financial information of your customer, the questionnaire displays all questions with the following filter properties:

• Customer Data: Yes
• Financial Data: Yes

How display rules are evaluated

Question display rules are evaluated only 1 time for each questionnaire record. The system first evaluates the show rules and generates a list of questions to show based on attributes of the assessment target. Then the system evaluates the hide rules, generates a list of questions to hide, and removes those questions from the show list. Finally, a questionnaire record is created that includes only those questions that are applicable to the assessment target.

If the assessment target changes after the questionnaire record has been created, the display rules are not re-evaluated. For example, if the target is an application that is changed from Development to Production status, the questionnaire record is not updated to include questions related to production environments. To include these questions in a questionnaire for the application, you would need to create a new questionnaire record for the application.

Show vs. hide rules

• Show Rules enable you to display specific questions within a questionnaire record based on the attributes of your questions and of the assessment target. For example, you could create a show rule specifying that when a target vendor provides payment handling services to your company, the questionnaire record for that vendor should show questions related to access authorization, encryption and intrusion detection, and all questions related to the Payment Card Industry (PCI) Data Security Standard. When you define show rules, it is important to note that only the questions that meet your rule criteria are displayed. All other questions are omitted from the questionnaire.
• Hide Rules allow you to hide specific questions within a questionnaire record based on attributes of your questions and of the assessment target. For example, if you create a hide rule specifying that when a target application is used to manage internal accounting processes, the questionnaire record should exclude questions related to encryption but display all other questions related to applications. When you define hide rules, it is important to note that all questions in the questionnaire except for those you select to hide are displayed in questionnaire records for targets that meet the rule criteria. Questions that are hidden within a questionnaire record are not counted when the score for the questionnaire is calculated, nor are they counted when the system calculates the overall completion status of the assessment campaign.

Configure show and hide rules for questionnaires

1. From your questionnaire, go to Configurations tab > Display Rules tab > click .
2. Select the type of display rule, and enter a name, and click Continue.
3. In the Target Application Conditions section, define the conditions within the assessment target that will cause the rule to prove true.
   1. In the Field Name column, select the field to evaluate for 1 or more specific values.
   2. In the Operator column, select the filter operator.
   3. In the Value(s) column, select the values for the condition.
   4. If you have created more than 1 condition, you can apply advanced logic to your search criteria.

      Note: To create additional conditions, click .

4. In the Question Display Actions section, define which questions to show or hide in the questionnaire record when the rule evaluates to true for the target of the assessment.
   1. In the Field Name column, select the question property that you want to use to determine which questions to show or hide when the rule criteria are met.
   2. In the Operator column, select 1 of the following operators to define the relationship between the question property and the specific filter values that cause a question to be shown or hidden when the rule proves true:

      The following table describes the operators.

      Operator	Description
      Contains	If the question is configured with the filter property and value, the question will be shown or hidden. The question may also have other values in the same filter property. For example, if you specify the filter "Confidentiality: High" where "Confidentiality" is the filter property and "High" is the value, a question that includes the filter "Confidentiality: High" and the filter "Confidentiality: Medium" will be shown or hidden.
      Does not Contain	If the question is configured with the filter property and value, the question will be shown or hidden. The question may also have other values in the same filter property. For example, if you specify the filter "Confidentiality: High" where "Confidentiality" is the filter property and "High" is the value, a question that includes the filter "Confidentiality: High" and the filter "Confidentiality: Medium" will be shown or hidden.
      Equals	If the question is configured with the filter property and only the value you specify, the question is shown or hidden. For example, if you specify the filter "Confidentiality: High" and a question includes the filters "Confidentiality: High" and "Confidentiality: Medium," that question is not displayed or hidden because it is not an exact match.
      Does not Equal	If the question is not configured with the exact filter property and value, the question is shown or hidden. The question may have the filter property and value you specify, but if it also has other values in the same property, it is not an exact match. For example, if you specify the filter "Confidentiality: High" and a question includes the filters "Confidentiality: High" and "Confidentiality: Medium," that question is shown or hidden.

   3. In the Value(s) column, select the specific filter values or categories that should trigger a question to be shown or hidden.

      For example, if you selected the Criticality property in the Filter Property column, you could select the value "High" in the Value(s) column. All questions created with this specific filter value are shown or hidden, depending on the type of display rule that you are creating.

   Note: To create additional display conditions, click .