A generic control is a description of a control that can be performed in your organisation. Generic controls can be scheduled and performed as control tasks through the Project management module.
Fill out or approve the master data for the generic control
You can edit existing generic controls or create new ones from this page.
Write the name of the generic control, e.g. “Re-certification of access rights”.
Here it is possible to create tags that allow the generic control to be searched using an alternative keyword.
Assign the users responsible for documenting the generic control. It is possible to add several users as responsible if necessary. One user can be marked as overall accountable by marking this person with the star icon.
Set the control category that matches the control:
- Corrective: The control aims at correcting incidents that have happened.
- Detective: The control aims at detecting incidents that have happened. A detective control could be “Re-certification of access rights”.
- Preventive: The control aims at preventing incidents from happening. A preventive control could be “Periodical update of the IT security policy”.
- Controls can be configured to mitigate Risk scenarios in the context of a Process, Activity, System, or Contract. An example of a control could be “Re-certification of access rights”, scheduled to run on selected Systems.
- Security measures can be configured to mitigate threats and/or vulnerabilities. An example of a security measure could be “Periodical update of the IT security policy”.
Set the scope of the generic control. The scope determines what type of risk scenarios the generic control can mitigate and what type of projects the generic control can be assigned to.