Automated controls are considered groups of subcontrols. You can only create automated controls in the Check Templates folder when you have the Control View and Control Author permissions.
You cannot directly assign a subcontrol in an assessment. Therefore, if there is a single check, you must still create a group.
To create a template group:
On the Content menu, click Controls and Questionnaires. (On the Risks menu, click Controls and Questionnaires. On the Content menu, click Questionnaires.)
Expand Organization Content and select Check Templates.
Optionally, structure your content in a new root folder by Creating a New Group.
The Check Template Group details appear.
Click New Template Group.
Enter the following fields:
Title. The Title is the label that identifies the group.
- Control Statement. Enter an optional statement to be associated with the new control. Clicking the field pops up the rich text editor. The control statement specifies the actions or checks that must be provided by supporting subcontrols.
- Identifier. Enter an optional identifier for the new control.
- Control Type. Choose a control type.
- Status. The Status field lets you specify the stage of associated control development or completion. Later on, you can use this information to identify and track progress at various stages of completion.
- Key Control. Choose Yes if this is a key control. The Key Control field indicates whether this control must be included when a user selects control options only to implement or use key controls in measuring risk and compliance.
- Version. Enter new automated control's version in any consistent format.
- Target Entity's Preferred Ownership. Choose users, teams, and roles to be preferred owners of the new control.
Objective. The Objective statement specifies the purpose of supporting controls that enforce, check, or verify risk measurement and compliance with organization policies and goals.
Weight. The Weight value indicates the weight assigned to this group when paired with other groups in an assessment. When compliance and risk scores are rolled up, values are calculated based on the percentage. This control objective's weight contributes to the total weight of objectives at the same level in a hierarchy.
Reference Numbers. The Reference Numbers field lets you specify information corresponding to related control framework or regulation reference numbers such as ISO-17799 1.4.1. To enter multiple reference numbers, you can include the reference numbers in a comma-separated list.
Click Save.