Policy authors identify risks in different domains that significantly impact their organization. Creating a control using the content wizard provides the freedom to select appropriate industry standards, frameworks, and regulatory controls. A user can choose a regulation to build controls that can be enforced implicitly within a domain. Stakeholders use the content pack to assess the standard controls and subcontrols by performing various workflow stage actions such as draft, test, and approve prior to control deployment.
To select domain-specific controls:
- Open RiskVision Enterprise Risk Manager.
- Go to Risks > Controls and Questionnaires, and select the desired controls group.
Click Actions > New Controls with Content Wizard.
Select one or more regulations, then click Next.
Click the checkbox next to all frameworks related to the regulations selected in the previous step.
Click Next.
Click Select All to choose all the domains related to a framework, or select specific domains that are applicable to one of the assessments. For example, to assess the security-related risks in your organization, you might choose the Information Security Programs domain.
Click Next to display.
To match your business objective, you might want to run concise assessments by using various filters such as subcontrol types, control organization, auto/manual controls, and redundancy controls.Click Finish.