What condition must be met to edit the risk scoring logic of a Risk Assessment Methodology (RAM)?

To edit the risk scoring logic of a Risk Assessment Methodology (RAM), all assessment instance records must be deleted or canceled. This requirement is in place because the scoring logic impacts how risks are evaluated, and any existing assessment instances must be finalized before changes can be made to ensure consistency and integrity in the scoring process.

Having all assessment instances deleted or canceled means that there are no active records that could be affected by the modification of the scoring logic. It prevents potential data inconsistencies that could arise if active assessments were present while changes to the scoring logic are applied. This is particularly important in environments where accurate risk assessment is critical for decision-making and compliance purposes.

Alternative scenarios, such as having all assessment instances closed, in a Monitor state, or in a Draft state, do not meet the same rigorous requirement for editing the scoring logic because those states may still involve records that are linked to the current assessment and could affect outcomes and reporting, which is why they do not fulfill the condition needed for modifying the RAM.