Control Management

Audit Creation

To create an audit, navigate to GRC / Control Management and click on Audit Management from the top menu.
Click Create.
In the Standard Name field, select the standard to apply (ISO 27001, PCI DSS, Cyber Essentials, etc.)
Enter an assessment name in the Name field.
Select Assessment from the Type dropdown.
Click Save to automatically generate control activities related to the selected standard.

Navigate to GRC / Control Management / Control Activity and select the audit name to view the related control items.
Click on a control item to start entering evidence and actions. Actions include:
- Double-click Answer to provide responses.
- Assign users via the pencil icon and select from system-defined users or groups.
- Select Compliance State (Compliant / Not Compliant).
- Set Control Applicable (Yes / No) and fill Applicability Reason.
- Enter detailed notes in Answer and click OK. Previous answers are automatically populated for updates.

Previously entered answers can be viewed, updated, or added.
Control Implemented can be set (Yes / No).
Corrective or Preventive actions can be selected or created via Create link.
Action plans can also be created via GRC / Evidence & Parameter Management / Create.

Map control items to related standards, risks, evidences, documents, document templates, ToDo tasks, discovered assets, and non-IT assets.
AI assistance is available via the robot icon for automatic mapping of documents and templates.
Use the three-dot menu Discover Related Mappings to automatically map controls across standards.

Click Save to store updates.
Click Save and Notify Owner(s) to update the owner with an email notification.
Use Update Related Controls or Update Based on Risk from the three-dot menu for automatic updates.

Last updated 4 days ago

Was this helpful?