![Adoptech-logo-GreyWithoutStrapline-1.png]](https://knowledge.adoptech.co.uk/hs-fs/hubfs/Adoptech-logo-GreyWithoutStrapline-1.png?height=39&name=Adoptech-logo-GreyWithoutStrapline-1.png){kind=logo}
- What is a control
- What is a check
- Linking checks to a control
- Linking policies to a control
- Linking frameworks to a control
- How to save changes
- How do I remove a control
Information Security Controls are processes that you implement to modify risks. Controls typically reduce the likelihood of a risk materialising or aim to reduce the impact if it does.
While your Company Policies describe what must be done, your Controls and the respective Treatment Plans outline how you are going to achieve the policy requirements.
Adding a Control
Controls can be accessed from the Frameworks page and by selecting the Controls dials as shown below.
To Add a control, select the ADD CONTROL orange button in the top right-hand corner of the page.
The Add a control view will open on the right side.
Name – Enter a name for the control. This should briefly outline the requirement the control is meeting.
Owner - It is good practice and a requirement of most standards to assign an owner to every control. The control owner is responsible for:
-
reviewing the control on a regular basis to ensure on-going conformance
-
ensuring the Treatment plan is clear and conforms with company policies
Note: the Owner is defaulted to the person that creates the control but this can be updated.
Compliance procedure
A compliance procedure details the process or processes that your company will carry out for the control to successfully modify \ mitigate risk.
Have a look at some of the suggested compliance procedures in the Adoptech created controls. In the example below we have ISO 27001 Framework and Control A.5.1.
Note: the text box will automatically expand as you add more text, up to a certain size. The text box can be expanded further by dragging the bottom right-hand corner.
Checks are validation that the deliverables in the treatment plan are in place.
Checks are completed by members of the team to ensure compliance with a control.
Have a look at some of the suggested Adoptech created checks. Click Add new to add your own custom control check.
Additional checks can be linked to a Control using the + Add button. Note that checks must be initially created via the Checks Page, accessible from the left hand side menu. To remove the link between a control and a check, select "Remove from control" from the menu on the right hand side.
How do I edit a Check?
Checks can be edited by:
- Clicking on the check itself on the Checks page
- Via the of a Control edit RHS menu, select the Associated check.
The policies that address the requirements of each of the controls should be linked to their associated controls.
To link a policy to the control, start typing the name and select Confirm.
Frameworks can be added to at the bottom of the Control edit RHS menu.
Select DONE to save your changes!
If you do not want to save your changes, click on: Cancel, the X on the top right-hand corner, or click away from the RHS menu. You will be prompted to confirm that do not want to save any changes.
How to remove a control?
To remove a control, click three dots and select Not applicable as shown below.
Provide a reason for exclusion and click Done.
You can find the controls marked as not applicable on the same page at the bottom.
