Review a Control

Control owners are responsible for reviewing controls to ensure the control documentation meets their organization's needs. Controls are assigned to a requirement, which is then assigned to the Control Owner. All controls that require action from the Control Owner appear on the My Tasks page. A control assigned to the Control Owner on the My Tasks page.

To review a control:

  1. Log into a user account that's been added to the Control Owner user group to display the My Tasks page. 
  2. Click a control to open the Control Review form.The Controls Review form.
  3. Optional: Edit the name in the Control Name field. 
  4. Enter a description in the Description field. 
  5. Begin typing keywords in the Requirements field to display a list of available options, then select the appropriate requirement. You can add more than one requirement, if needed. 
  6. Begin typing keywords in the Risks field, then select the appropriate risk.
  7. Select a control automation option in the Automated Control dropdown. 
  8. Select the frequency of the control in the Frequency dropdown. 
  9. Select the appropriate option to describe the control in the Key Control dropdown. 
  10. Select whether the control is Preventive or Detective in the Prevent or Detect dropdown.
  11. Drag or browse for a file in the Supporting Attachments field. Files can be up to 100 MB in size. Most files types are accepted, however, you cannot upload files with the following extensions:
    • .bat
    • .exe
    • .gif
    • .sh
    • .dll
    • .com
  12. Select an option that describes the effectiveness of the control in the Control Self Assessment dropdown.  
  13. Click Submit for Review to return the control to the Compliance Team for review. If the Compliance Team finds the control requires further remediation, they may send it back to the Control Owner.