Configure Subcontrols

One of the subcontrols you may put in place to support or verify compliance with this control is to check if there is a process in place and test the process to determine how well it works. To implement a subcontrol, you can specify automated tests of a control or create questionnaires that measure satisfaction with the control and control objectives. In order to create a new subcontrol, you must have Control View and Control Author permissions.

To create a new subcontrol: 

1. Go to Content > Controls and Questionnaires.

2. Expand Organization Content and select a control.

3. Click New Subcontrol. 

4. Click the Create Subcontrol tab and enter the following information: 

   • Title: The control's label in the Organization Content hierarchy.

   • Question text: The question text that displays in the user questionnaire.

   • Description: Provides an overview description of the subcontrol entered in WYSIWYG rich HTML format.

   • Weight: Indicates the weight assigned to this control. When compliance and risk scores are rolled up, values are calculated based on the percentage the control's weight contributes to the total weight of controls at the same level in a hierarchy.

   • Reference Numbers: Lets you specify information corresponding to related control framework or regulation reference numbers, such as ISO-17799 1.4.1. To enter multiple reference numbers, you can include the reference numbers in a comma-separated list.

   • Help text: The help text for this question in the user questionnaire.

   • Assessment Procedures: The procedural text for this question.

   • Key Control: Indicates whether this subcontrol must be included when a user selects control options only to implement or use key controls in measuring risk and policy compliance. In contrast to primary controls, where a user would generally pick one control to rely on for results, users can generally pick multiple key controls.

5. Set up the answers available to the user in the questionnaire. If you skip this step the default answers will be applied. See Default Question Settings.

6. Select subcontrols that apply when an answer is chosen.

7. Click Finish.