Platform: Risk Assessment Platform
Applies to: Super Admin and Company Admin Users
The purpose of this feature is to maintain a master library of controls for each Domain and Control Category (i.e., control sets).
Controls can be added to Assessment Units that are for the same Domain.
View the Controls Library
Users with appropriate permissions can view the controls library in App Setup > Controls.
There are two tabs on the Control Library page - Global and Company.
- Global - The Super Admin can manage (add/edit/archive/delete) controls in the Global tab and has view-only access to controls in the Company tab.
- Company - The Company Admin can manage (add/edit/archive/delete) controls in the Company tab and has view-only access to controls in the Global tab.
The main components on the header of this page are:
- Search field – enter search text.
- New Control button - create a new control.
- Bulk Update – update multiple records at one time.
- Export CSV import template – downloads a blank starting template to create a CSV import file.
- Export Controls - downloads a CSV file with all controls from your control library.
- Import Controls - bulk import controls from a CSV file.
Note: When importing from a file, the application runs validation to ensure the file/data format is correct and virus-free. The import is case-sensitive.
The main components of the table are:
- Name – unique name of the control
- Description - the control description; optional
- Domain - domain related to the control
- Category - unique name for the control category (i.e. group of controls)
- Type – the type of control: Preventative, Detective, Corrective, etc*
- Test - description of the usual tests to be conducted to evaluate the performance
- Suggested Evidence - description of the usual evidence needed to support the control performance evaluation; optional
- Status – status of the control: In Progress, Published, or Archived. Select "Archived" in the column's filter settings to see archived controls.
-
Actions column:
- Edit () - edit the details of the control
- Copy () - copy the control to create a new control
- Delete () or Archive () - remove a control from the control library. Delete is available for controls that have not been used in assessments. Archive is available for controls that have.
Use the search and filter options on the table header to filter your results.
*Control Types can be configured in Application Customisation - Dropdown Configuration Management
Create a Control
Create a single control
Use this method to create one control at a time.
- Press the New Control button.
- Complete the details. Fields with an asterisk are required.
- Press the Save button.
Bulk import multiple controls
Use this method to bulk import multiple controls into the control library from a file.
- Use the "Download Control Import File Format" () button to download a blank CSV import file.
- Follow the instructions below to configure the CSV import file. Save the file.
- Press the Import Control () button.
- In the popup, press Choose File and select the file created in Step 2.
- Press Import.
Configuring the Control Import File
The control import file consists of 7 columns. Complete one row per control.
Note: Do not change the column headers. Do not add or remove columns. The file is case-sensitive.
Complete the details - one row per control:
- ControlName - the unique name of the control. Required.
- ControlDescription - the control description. Optional.
- ControlCategory - the category of the control. Required.
- ControlType - the type of control: Preventative, Detective, Corrective, etc
- Domain - the domain of the control's category. Required.
- Test - a description of tests to be conducted to evaluate the performance of the control. Required.
- SuggestedEvidence - a description of the evidence needed to support the evaluation. Optional.
Save the file and import.
Update a Control
Press the Edit () button.
Make your changes
Press the Save button.
Changes will be reflected in assessments the control is added to from that point forward. Historical assessments will display the previous version of the control.
Archive or Delete a Control
The Delete () button is available for controls that have not been used in assessments. Delete a control to remove it from the control library permanently.
The Archive () button is available for controls that have been used in one or more assessments. Archive a control to hide it from the control library and prevent it from being used in future assessments.
Comments
0 comments
Please sign in to leave a comment.