Using Controls in Your KCM GRC Platform
In KCM GRC, a control is the evidence or method that demonstrates how your organization is meeting its compliance requirements. A control can be a document, process, technical implementation, or any action that relates to one or more compliance requirements or risk management initiatives.
The sections below provide an overview of how to use controls in your KCM GRC platform.
Getting Started with Controls
- In the Compliance Management module, you can use controls to document your organization's efforts toward meeting its compliance objectives. You can create controls that apply to one or more of the requirements in your scopes.
- In the Risk Management module, you can use controls to document your organization's preventative actions for its risk management plan. You can use your risk register to create new controls for risks or to map existing controls to risks. For more information, see our How to Create and Map Risk Controls article.
In both modules, you will follow the same workflow for creating and managing controls.
We recommend that you create controls individually, but you can also create controls in bulk by importing a CSV file or creating controls from requirements. For more information, see our How to Create and Import Controls article.
Viewing All Controls from the Controls Page
From the Controls page, you can perform any of the actions listed below.
- Create Control: Create individual controls.
- Upload CSV: Upload a CSV file of multiple controls.
- Export CSV: Export a CSV file of the controls in your Controls Library. You can view, download, and save this file.
- If you use the search filters on this page, this CSV file will only include controls from your search results.
- Name: Search for control names, and view a list of control names.
- Description: Search for keywords, and view details about controls.
- Schedules: View the number of task schedules that each control has.
- One-Time Tasks: View the number of one-time tasks that each control has.
- Control Health: View the percentage of a control's scheduled tasks that are complete. For more information, see the Control Health section of our Glossary of Compliance Terms article.
- Tags: Search for tags to find controls, and view tags that have been added to controls.
- Actions: Edit controls by clicking the pencil icon. Delete controls by clicking the trash icon.
Viewing Individual Controls from the View Control Page
From the top of the View Control page, you can perform any of the actions listed below.
- Update: Update the control's details. Click this button to assign an approving manager, update the control's description, and add tags. You can also click the Update button to assign a user or a user group to the control.
- Clone: Create a new control with the same name and description as the original control. You can use the check boxes to select whether you want the clone to have the same mapped risks and requirements as the original control.
- Archive: Archive the control, which will permanently delete the control's task schedules. For more information, see the What is the difference between archiving and deleting a control? question in our Frequently Asked Questions (FAQ) for KCM GRC article.
- Delete: Permanently delete the control and all of its evidence, documents, notes, tasks, and task schedules.
- Control Health: View the control's Control Health percentage, which represents how adequately your team is satisfying the tasks for a control. For more information, see the Control Health section of our Glossary of Compliance Terms article.
- Notes: Add notes to provide context for evidence, documents, and tasks that are related to the control. You can also use this section to communicate information to users who may view the control.
From the bottom of the View Control page, you can use the tabs below to manage a control's workflow.
- Task Schedules: Create task schedules for the control. For more information, see the Task Schedules Tab section of our How to Work with Tasks and Task Schedules for Controls article.
- Tasks: View all of the control's tasks and information related to each task. Use this tab to monitor the users who are assigned to each task, task due dates, and task statuses. For more information, see the Tasks Tab section of our How to Work with Task Schedules for Controls article.
- Evidence: View all of the evidence that users have uploaded for the control's tasks. Use the Actions column to download, view, and edit evidence.
- Documents: Upload examples of evidence-related documents or detailed instructions that can help users complete tasks. Use the Actions column to download, view, edit, and delete documents. The users who are assigned to a task can view these documents on the View Task page.
- Requirements: View all of the requirements that are mapped to the control, and map the control to requirements. For more information, see the Mapping Controls to Requirements section below.
- Risks: View all of the risks that are mapped to the controls, and map the control to risks. For more information, see the Mapping Controls to Risks section below.
Creating Task Schedules for Controls
To create and delegate tasks, you can create task schedules for controls. Task schedules will help your team organize tasks and focus on task due dates. After you create a task schedule, users who are assigned to tasks can upload evidence that shows how your organization is meeting its compliance goals.
From the View Control page, navigate to the Task Schedules tab to create a task schedule. To learn how to create task schedules, see our How to Work with Tasks and Task Schedules for Controls article.
Mapping Controls to Requirements
To demonstrate how your organization is meeting its compliance goals, you should map all of your controls to requirements. Mapping your controls to requirements will help your team focus on the compliance standards or best practices that your organization must follow.
From the View Control page, navigate to the Requirements tab to map a control to requirements. To learn how to map controls to requirements, see the Mapping Requirements to Controls section of our How to Map Requirements and Controls article.
Mapping Controls to Risks
To track the risks that your controls can prevent or mitigate, you can map controls to risks. Mapping your controls to risks will help your team prepare for risks that your organization may encounter.
From the View Control page, navigate to the Risks tab to map a control to risks. To learn how to map controls to risks, see our How to Create and Map Risk Controls article.
Deleting Controls in Bulk
If you no longer need a set of controls, you can permanently delete them from your platform. If you think you may need the controls in the future, we recommend that you archive the controls instead. To learn how to archive controls, see the Archiving Controls section of our Archiving Items Guide.
To delete controls in bulk, follow the instructions below:
- Navigate to the Controls tab from your navigation panel.
- Select the check boxes next to the controls you would like to delete.
- Click the Delete button. When you click this button, a pop-up window will open to confirm whether you would like to delete the selected controls.
- In the pop-up window that opens, enter DELETE into the field to confirm the deletion.
- Click the Delete button.