It is similar to option B, see detail, except you manually define the Internal Control's asset. If you do this option, you will need to manually manage where the IC is applied to and make sure all appropriate evidences are collected to meet your audit or compliance requests.
Policy is link to internal control. Internal control can applied to multiple entities. Company is not ready to collect evidence for the internal control so you manually link the asset to the internal control. User will need to maintain the asset mapping to the internal control.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article