Policy authors identify risks in different domains that significantly impact their organization. Creating a control using content wizard is a content action which provides the freedom to choose the industry standards, frameworks, and regulatory controls. A user can choose a regulation to build controls that can be enforced implicitly within a domain. Stakeholders use the content pack to assess the standard controls and subcontrols by performing various workflow stage actions such as draft, test and approve prior to control deployment.
To select domain-specific controls:
- In the RiskVision application, go to Controls > Controls and Questionnaires, and select the desired controls group. In the RiskVision application, go to Risks > Controls and Questionnaires, and select the desired controls group. In the RiskVision application, go to Policies > Controls and Questionnaires, and select the desired controls group.
Select New Controls with Content Wizard in the Actions pull-down list to launch Create New Controls by Content Wizard, displaying the Regulations wizard page.
Select one or more regulations and click Next. The Frameworks wizard page appears.
Choose frameworks related to the regulations selected in the previous step and then click Next. The Domains wizard page appears.
Click Select All to choose all the domains related to a framework or select specific domains that are applicable to one of the many assessments. For example, to assess the security-related risks in your organization, you might choose the Information Security Programs domain. Click Next to display the Filters wizard page.
- To match the business objective, you might want to run concise assessments by using various filters such as subcontrol types, control organization, auto/manual controls, and redundancy controls.
Click Finish to add domain-specific controls to create programs and assessments that assess your organization's risk with respect to the specified domains.