Automated controls are considered groups of subcontrols. You can only create automated controls in the Check Templates folder when you have Control View and Control Author permissions.
You cannot directly assign a subcontrol in an assessment. Therefore, if there is a single check, you must still create a group.
To create a template group:
Go to the Risks menu > Controls and Questionnaires.
Expand Organization Content. Click Check Templates.
Optional: Structure your content in a new root folder by Creating a New Group.
Click New Template Group.
Enter the following fields:
Title: The label that identifies the group.
- Control Statement: Enter an optional statement to be associated with the new control. Click the field to open the rich text editor. The control statement specifies the actions or checks that must be provided by supporting subcontrols.
- Identifier: Enter an optional identifier for the new control.
- Control Type: Choose a control type.
- Status: Lets you specify the stage of associated control development or completion. You can use this information to identify and track progress at various stages of completion.
- Key Control: Click Yes if this is a key control. This field indicates whether the control must be included when a user selects control options only to implement or use key controls in measuring risk and compliance.
- Version: Enter the new automated control's version in any consistent format.
- Target Entity's Preferred Ownership: Choose users, teams, and roles to be preferred owners of the new control.
Objective: The Objective statement specifies the purpose of supporting controls that enforce, check, or verify risk measurement and compliance with organization policies and goals.
Weight: Indicates the weight assigned to this group when paired with other groups in an assessment. When compliance and risk scores are rolled up, values are calculated based on the percentage. This control objective's weight contributes to the total weight of objectives at the same level in a hierarchy.
Reference Numbers: Lets you specify information corresponding to related control framework or regulation reference numbers such as ISO-17799 1.4.1. To enter multiple reference numbers, you can include the reference numbers in a comma-separated list.
Click Save.