To support or verify compliance with a control, you can use a subcontrol to check if there is a process in place and test how well it works. To implement a subcontrol, you can specify automated tests of a control, or create questionnaire questions that measure satisfaction with the control and control objectives. To create a new subcontrol, you must have Control View and Control Author permissions.
To create a new subcontrol:
Go to Content > Controls and Questionnaires.
Expand Organization Content and select a control.
Click New Subcontrol. The Create Subcontrol wizard appears, showing the Subcontrol Details wizard page.
Add the following information on the Create Subcontrol tab:
Title: The Title is the label that will be displayed for the control in the Organization Content hierarchy.
Question text: The Question text that displays in the user questionnaire.
Description: The Description provides an overview description of the subcontrol entered in WYSIWYG rich HTML format.
Weight: The Weight value indicates the weight assigned to this control. When compliance and risk scores are rolled up, values are calculated based on the percentage the control's weight contributes to the total weight of controls at the same level in a hierarchy.
Reference Numbers: The Reference Numbers field lets you specify information corresponding to related control framework or regulation reference numbers like ISO-17799 1.4.1 for example. To enter multiple reference numbers, you can include the reference numbers in a comma-separated list.
Help text: The help text for this question that displays in the user questionnaire.
Assessment Procedures: The procedural text for this question.
The Key Control field indicates whether this subcontrol must be included when a user selects control options only to implement or use key controls in measuring risk and policy compliance. In contrast to primary controls, where a user would generally pick one control to rely on for results, users can generally pick multiple key controls.
The Responses wizard page appears. In the Responses wizard page, set up the answers available to the user in the questionnaire.
When you skip this step, the default answers are applied. See Default Question Settings.
The Dependencies wizard page appears. In the Dependencies wizard page, select subcontrols that apply when an answer is chosen.
Click Finish. Additional detail tabs specific to the subcontrol type appear.
