Option B - Advance - Automated
This option allows you to create a single Internal Control and map it to multiple assets you're managing compliance for.
Example:
Control: Quarterly User Access Review
Evidence 1: Quarterly User Access Review for Active Directory
Evidence 2: Quarterly User Access Review for Email
Evidence 3: Quarterly User Access Review for the Corporate Network
In this option, "Automated" means that you identify the asset at the Evidence level, and C1Risk automatically aggregates the asset into your Internal Control.
Pro:
- Internal Control assets are automatically aggregated
- One Internal Control maps to multiple evidences
- The Policy to Internal Control mapping is easy to manage
Con:
- You must rationalize the internal control to meet multiple regulatory requirements
- If you have multiple certifications requiring the same control, you will need to clarify the control syntax to match your certification reports
- You may need to add multiple evidences to meet your certification document request lists or samples