Requirements and Controls

How to Use Controls in Your KCM GRC Platform

In KCM GRC, a control is the method or proof that demonstrates how your organization is meeting its compliance requirements. A control can be a document, process, technical implementation, or any action that relates to one or more compliance requirements or risk management initiatives. 

The sections below provide an overview of how to use controls in your KCM GRC platform.

Jump to: 

Getting Started with Controls

Creating Controls

Viewing All Controls from the Controls Page

Viewing Individual Controls from the View Control Page

Creating Tasks for Controls

Mapping Controls to Requirements

Mapping Controls to Risks

Deleting Controls in Bulk

Getting Started with Controls

You can use controls in the Compliance Management and Risk Management modules of your KCM GRC platform.

  • In the Compliance Management module, you can use controls to document your organization's efforts toward meeting its compliance objectives. You can create controls that apply to one or more of the requirements in your scopes
  • In the Risk Management module, you can use controls to document your organization's preventative actions for its risk management plan. You can use your risk register to create new controls for risks or to map existing controls to risks. For more information, see our How to Create and Map Risk Controls article.

In both modules, you will follow the same workflow for creating and managing controls.

Creating Controls

We recommend that you create controls individually, but you can also create controls in bulk by importing a CSV file or creating controls from requirements. For more information, see our How to Create and Import Controls article. 

Viewing All Controls from the Controls Page

Note:If you are an Account Administrator or a Scope Administrator, you can view controls from the Controls page. Account Administrators can view all of the controls in their platform. Scope Administrators can view the controls that are mapped to scoped requirements within their allowed scopes. These user permissions will affect all of the actions that are listed below. For more information about user permissions, see our User Roles Guide.

From the Controls page, you can perform any of the actions listed below.

Controls Page PNG

  1. Create Control: Create individual controls.
  2. Upload CSV: Upload a CSV file of multiple controls.
  3. Export CSV: Export a CSV file of the controls in your Controls Library. You can view, download, and save this file.
    • If you use the search filters on this page, this CSV file will only include controls from your search results. 
  4. Name: Search for control names, and view a list of control names. 
  5. Description: Search for keywords, and view details about controls.
  6. Schedules: View the number of task schedules that each control has. 
  7. One-Time Tasks: View the number of one-time tasks that each control has. 
  8. Control Health: View the percentage of a control's scheduled tasks that are complete. For more information, see the Control Health section of our Glossary of Compliance Terms article.
  9. Tags: Search for tags to find controls, and view tags that have been added to controls. 
  10. Actions: Edit controls by clicking the pencil icon. Delete controls by clicking the trash icon. 

Viewing Individual Controls from the View Control Page

From the top of the View Control page, you can perform any of the actions listed below.

View Control Page PNG

  1. Update: Update the control's details. Click this button to assign an approving manager, update the control's description, and add tags. You can also click the Update button to assign a user or a user group to the control
  2. Clone: Create a new control with the same name and description as the original control. You can use the check boxes to select whether you want the clone to have the same mapped risks and requirements as the original control. Clone Control PNG
  3. Archive: Archive the control, which will permanently delete the control's tasks. For more information, see the What is the difference between archiving and deleting a control? question in our Frequently Asked Questions (FAQ) for KCM GRC article.
  4. Delete: Permanently delete the control and all of its evidence, documents, notes, and tasks.
  5. Control Health: View the control's Control Health percentage, which represents how adequately your team is satisfying the tasks for a control. For more information, see the Control Health section of our Glossary of Compliance Terms article. 
  6. Notes: Add notes to provide context for evidence, documents, and tasks that are related to the control. You can also use this section to communicate information to users who may view the control.  Control Notes PNG

From the bottom of the View Control page, you can use the tabs below to manage a control's workflow.  View Controls Tabs PNG

  1. Task Schedules: Create recurring tasks for the control. For more information, see our How to Work with Tasks for Controls article.
  2. Tasks: View all of the control's tasks and information related to each task. Use this tab to monitor the users who are assigned to each task, task due dates, and task statuses. For more information, see the Tasks Tab section of our How to Work with Tasks for Controls article.
  3. Evidence: View all of the evidence that users have uploaded for the control's tasks. Use the Actions column to download, view, and edit evidence.
  4. Documents: Upload examples of evidence-related documents or detailed instructions that can help users complete tasks. Use the Actions column to download, view, edit, and delete documents. The users who are assigned to a task can view these documents on the View Task page.
  5. Requirements: View all of the requirements that are mapped to the control, and map the control to requirements. For more information, see the Mapping Controls to Requirements section below.
  6. Risks: View all of the risks that are mapped to the controls, and map the control to risks. For more information, see the Mapping Controls to Risks section below.

Creating Tasks for Controls

To create and delegate tasks, you can create tasks for controls. Tasks will help your team organize tasks and focus on task due dates. After you create a task, users who are assigned to tasks can upload evidence that shows how your organization is meeting its compliance goals. 

From the View Control page, navigate to the Task Schedules tab to create a task. For more information, see our How to Work with Tasks for Controls article.

Mapping Controls to Requirements

To demonstrate how your organization is meeting its compliance goals, you should map all of your controls to requirements. Mapping your controls to requirements will help your team focus on the compliance standards or best practices that your organization must follow. 

From the View Control page, navigate to the Requirements tab to map a control to requirements. To learn how to map controls to requirements, see the Mapping Requirements to Controls section of our How to Map Requirements and Controls article.

Mapping Controls to Risks

To track the risks that your controls can prevent or mitigate, you can map controls to risks. Mapping your controls to risks will help your team prepare for risks that your organization may encounter. 

From the View Control page, navigate to the Risks tab to map a control to risks. To learn how to map controls to risks, see our How to Create and Map Risk Controls article.

Deleting Controls in Bulk

If you no longer need a set of controls, you can permanently delete them from your platform.

Note:If you think you may need these controls in the future, we recommend that you archive them instead. To learn how to archive controls, see the Archiving Controls section of our Archiving Items Guide

To delete controls in bulk, follow the instructions below:

  1. Navigate to the Controls tab from your navigation panel.
  2. Select the check boxes next to the controls you would like to delete.
  3. Click the Delete button. When you click this button, a pop-up window will open to confirm whether you would like to delete the selected controls.  Delete button
  4. In the pop-up window that opens, enter DELETE into the field to confirm the deletion.  Confirm Deletion Window
  5. Click the Delete button. 

Can't find what you're looking for?

Contact Support
circle-arrow-up