When the name of a framework is clicked on, the master data of the framework is shown. To view framework controls go to the tab ‘Framework controls’.
What are frameworks?
Frameworks can be laws or regulations that the organization wants to comply with, e.g., ISO standards, a NIST Cybersecurity framework, SOC II or other regulation.
- To edit the name or description of the framework, click on the edit button in the upper right corner.
- To add an attachment, click on the ‘Upload’-button.
- To delete a framework, click on the delete icon in the upper right corner.
Add framework controls to a framework
- Go to the tab ‘Framework controls’ on the framework you want to add controls to.
- Click on ‘Create control objective’ and fill out name and description of the control objective.
- Click on ‘Create framework control’ and fill out name and the description of the control, link it to the relevant control objective, choose whether or not the control is applicable to the organization (if yes is chosen, the control will appear in the dropdown menu when adding framework controls to generic controls), write the SoA (Statement of Applicability) description and choose the implementation status.
- If you are an admin, reports can be downloaded in the report generator for the full overview of the Statement of Applicability as well as for framework implementation.
A control objective consists of name and description. A control objective should act as guidance for the actual controls that are placed under it and thus set the direction in which risks will be mitigated.
A framework control consists of name, description and relationship to a control objective. You may also document your Statement of Applicability (SoA), to scope which framework controls you want to allow to be visible for the generic control owners. Under ‘View linked controls’ you can see a list of generic controls linking to this framework control to assist you in determining the ‘Implementation status’.