Control Attributes

What is meant by control attributes?

Control is something you follow as a company to mitigate potential risks. Control is part of a process designed to accomplish a goal. Every control has many attributes that help us understand it better for mapping and implementation purposes.

What are the different types of control attributes?

Controls in TrustOps have the following attributes:

• Control Name: The name of the control
• Control Definition: Description of what this control does
• Control ID: Unique identifier for the control
• Group: Each control is mapped to a certain group, which is a team or department in your organization.
• Test Status: This shows if the control is passing, failing, or has not run.
• Evidence Status: This shows if evidence has been uploaded for the control and if it’s due or outdated.
• Evaluation Frequency: This is the frequency at which you are testing that your controls are still in place and nothing is out of compliance. This ensures that you are continuously complying.
• Customers Impacted: The number of contracts is mapped to the control. In the event a control fails, your compliance team gets alerted immediately to act on it and understand the potential business risks of not being compliant.
  The following screenshot shows control attributes.

You can also view:

• Tests: There are automated tests mapped to each control. You can view the list of automated tests in “Tests” tab.
  The following screenshot shows the automated tests mapped to a control.
  
  
• Standards: TrustOps maps every control to a standard. A control is mapped to multiple standards so that you can collect evidence for the control once and satisfy the requirements of multiple standards simultaneously. Go to the “Standards” tab to see all the standards that a control is mapped to.
  The following screenshot shows the standards mapped with a control.
  
  
• Implementation: There are procedures and policies linked to each control. You can view all linked procedures and policies from “Implementation” tab.
  The following screenshot shows the list of procedures and policies linked to a particular control.
  
  
• Risks: Every control may have risks that are mapped to it. You can view the associated risks from the “Risks” tab.
  The following screenshot shows the associated risks with the control.
  
  Each control may have a customer contract mapped to it. You can view customer commitments (or contracts) related to the control from “Customer Commitments” sub-tab under “Risks.” You can add or delete the contracts by using “Remove Contract” or “+ Add to Contract” buttons.
  The following screenshot shows the customer commitments or contracts mapped or associated with the control.