Implementing Controls
Last updated
This guide helps you efficiently set up and implement controls within your chosen frameworks. It walks you through assigning custodians, adding implementation details, setting maturity levels, attaching policies, and more.
Select “View details” to see the list of sub controls within a control group.
Select “View details” again under a sub control group.
Use the slider to navigate towards the right-hand side of the page.
Under “Action” select “Edit Sub Control.”
Choose:
“Not applicable” if the sub control is not a requirement or not relevant to your organization, then add an explanation as to why it is not. After this, select “Save & Close.” You do not need to fill in further details.
Or
“Applicable” if the sub control is a requirement or relevant to your organization. Click on the “Next” button to continue.
In the “Custodian” section:
Under “Business Owner” select or create the entity (individual/team/department) that is responsible for ensuring the compliance of the sub control.
Under “Technical Owner” select or create the entity (individual/team/department) that is responsible for enforcing the requirements of the sub control.
A specific owner can also be assigned by selecting “Designated Owners” and choosing a user or business unit.
In the “Implementation Status” section:
Under “Implementation Status” select from the dropdown menu the level of implementation.
If the control is not implemented, proceed to describe why.
If fully or partially implemented, continue to attach proof, documentation log and details of the implementation. For tips on what to fill out, hover over the “❔” next to the headings.
Under “Compliance level” select from the dropdown menu what best describes the sub control at this point in time.
To select policies that are relevant to the sub control, click the “Assign to A Policy” button, choose a policy and click “Attach.”
The fields in the “Control Implementation Plan” section should be filled out based on the implementation status selected in the previous section.
Under “Potential of User Resistance”, select the likelihood that users will oppose or struggle to adopt the implementation of this sub control.
Under “Target Date”, if the control is partially or not implemented, select an estimated time for completion.
Proceed to describe how to enhance the current level or status of implementation.
Under “Implementation Prioritization”, select how soon the enhancement or improvement of the sub control will take place.
Under “Cyber Risk Ranking for Failure to Implement”, select the appropriate qualitative risk ranking for failure to implement the sub control.
Finally, under “Cyber Risk Remediation” describe measures in place to handle the risks that may arise from failure to implement the sub control.
In the “Defining the Maturity Level” section:
Select “Current Implemented Control Governance Maturity” and “Current Implemented Control Technical Maturity” levels from the dropdown menu.
Do the same for “Target Control Governance Maturity” and “Target Control Technical Maturity.”
Click “Submit.”
Use the slider to navigate the page and under “Action” use “Preview Sub Control” to see all the information you have supplied.
Use “Comments” to leave ideas, notes and more for other team members.
The corner bar components can be used to view important information related to each sub control.