![Adoptech-logo-GreyWithoutStrapline-1.png]](https://knowledge.adoptech.co.uk/hs-fs/hubfs/Adoptech-logo-GreyWithoutStrapline-1.png?height=39&name=Adoptech-logo-GreyWithoutStrapline-1.png){kind=logo}
- What is a control
- Link checks to a control
- Link policies to a control
- How to save or cancel changes
- Mark a control as Out of Scope
Information Security Controls are processes that you implement to modify risks. Controls typically reduce the likelihood of a risk materialising or aim to reduce the impact if it does.
While your Company Policies describe what must be done, your Controls and the respective Treatment Plans outline how you are going to achieve the policy requirements.
Adding a Control
1. To Add a control, go to Frameworks and click on Controls tab at the top. Select the Add new orange button in the top right-hand corner of the page and click on Control.
The Add a control view will open on the right side.
- Owner — optionally search for and assign a user responsible for this control.
- Control Name — enter a name that clearly identifies what the control covers. This field is required.
- Framework — select the framework this control belongs to. Once selected, the category dropdown becomes available — select the category to group the control correctly within your controls list. A framework and category are required to create a control.
- Add Reference — optionally add a reference number or identifier if your framework uses one (e.g. A.5.1).
- Control Description — optionally describe why the control exists.
- Compliance Procedure — optionally document how your organisation meets this control. This is the text you will be asked to confirm when you run a periodic control review.
You can create a control with just a name and framework — checks, policies, and actions can be added at any time after the control is created.
Compliance procedure
A compliance procedure details the process or processes that your company will carry out for the control to successfully modify / mitigate risk.
Have a look at some of the suggested compliance procedures in the Adoptech created controls. In the example below we have ISO 27001 Framework and Control A.5.1.
Note: the text box will automatically expand as you add more text, up to a certain size. The text box can be expanded further by dragging the bottom right-hand corner.
Additional checks can be linked to a Control using the Manage checks button.
Once clicked a Relationship Manager will open. Here you can either add a custom check or click on the All tab and select a pre-existing one.
To remove the link between a control and a check, simply uncheck the box.
How do I link a policy to a control?
The policies that address the requirements of each of the controls should be linked to their associated controls.
Please see this article for the steps on how to link a policy (Adoptech-manager or Custom) to a control.
All changes made in the RHS menu must be saved by clicking on the DONE button at the bottom.
If you do not want to save your changes, click on: Cancel, the X on the top right-hand corner, or click away from the RHS menu. You will be prompted to confirm that do not want to save any changes.
How do I mark a control as Out of Scope?
Please see this article for the steps on how to mark a control as Out of Scope.
Need help? Open a chat with the team.