Controls are the building blocks of your Policy Manual. Controls have:
- A brief statement (more than the name, less than the description) (optional)
- An activity log
- Mappings to framework requirements
- Mapping to policies
- Procedures mappings that implement your policies
- Risk mappings
- Evidence mappings
Click into any Control to edit the various properties associated with it. Click the pencil icons next to any field to edit that field. Note that the policy text can be expanded in a larger modal like so:
Once you have reviewed all of the controls within the policy manual that map to your selected framework, you are ready to approve the policy manual so that you have record and version control of the content.
- Click on the policy manual tab
- Select the Updated option in yellow on the far left hand navigation
- Select the control(s) that you wish to approve just adding/removing the check box beside each
- Include a version number and a description of the change
- Select Approve Selected Controls
Versioning your Policy Manual
Versioning your policy manual helps prove to your auditor that your organization knows what the effective version of the policy manual is at any point in time. We recommend using a familiar schema such as v1.0, v2.0, etc. You can keep track of minor changes to policy manual content in the form of v1.1, v1.2, etc.
Simply click the "Export" button in the upper-right corner of the "Controls" screen. This will download a comma-separated list of controls that you can open with Excel, Google Sheets, and other tools.
All controls are included in the export
Note that this export will include all controls, including controls that are filtered or paginated out of the current view.
Updated 10 months ago