In KCM GRC, a control is a processes, technical implementation, or other action that demonstrates how you are meeting your compliance requirements or other objectives.
There are two options for creating controls in the KCM GRC platform. We recommend option 1, creating controls one-by-one, so you can focus on one compliance objective at a time.
Here's more information on each option:
- Option 1: Create controls one-by-one
- This option involves navigating to a scope's individual requirements to create a control for each.
- When you create a control from a scoped requirement, the control is automatically mapped to that requirement.
- This method may be the best solution for your organization if the controls will vary between your different scopes, or if you do not already have processes in place for documenting compliance requirements.
Click here to see instructions for creating controls one-by-one.
- Option 2: Create controls in bulk
- This option involves uploading a CSV file of controls independently from a scope's requirements.
- Once created, you’ll map these controls to the appropriate requirements. See our Mapping Requirements and Controls article for more information.
- This method may be the best solution for your organization if controls will be applicable to multiple scoped requirements, or if you already have processes in place for documenting compliance efforts.
Click here to see instructions for creating controls in bulk.
Option 1: Creating Controls One-By-One
Once you've created one or more scopes, follow the steps below to create controls for each scoped requirement.
- Navigate to the scope containing the requirements for which you want to create controls.
- From the menu on the left-hand side of your account, click Compliance > Scopes.
- From the View All Scopes page, click a scope name under the Name column to open the scope.
- From the View Scope page, click the Requirements tab. Then, from the Name column, click a requirement name to open the requirement.
- From the Controls section of the page, click the Create Control button.
- In the Create Control window, add the following information:
- Name: Add a name that represents the purpose of the control.
- Control Description: Provide a detailed description of the control. The description should include what the control is, how to review and assess the control, and what type of evidence is expected to satisfy the control. See our Glossary of Terms to learn more about control descriptions.
- Tags: (Optional) You can add one or more tags to group similar controls in your platform.
To create a new tag: Type one or more words in the field, then press enter on your keyboard to save the tag. Tags have a maximum of 25 characters, including spaces.
To select an existing tag: Click the drop-down menu to see existing tags. Click on a tag to add it to the control.
- If you'd like to create an additional control for this requirement, click the Add Another checkbox. Otherwise, click the Create button.
- You will see the new control in the Controls table. This table shows the controls that are mapped to this scoped requirement.
Note: If this control applies to additional scoped requirements, open the control, then map the control to the applicable requirements. For more information, see our Mapping Requirements and Controls article.Now, repeat steps 1-5, above, for the remaining requirements in your scope. To navigate to the next requirement in your scope, click the Next Requirement button in the top-right area of the View Scoped Requirement page.
Option 2: Creating Controls in Bulk
To add controls to your account in bulk, begin by creating a CSV file. Expand the below drop-down menu to learn how to format your file.
- The separator should be a comma and the file should be a valid CSV
- The following header line is required, and it is case-sensitive:
- name, description
- All fields are mandatory
- The name field has a 255 character limit
- The description field has a 1000 character limit
Once you've created your CSV file, follow the steps below to upload the controls to your account.
- Navigate to the Controls Library by clicking Controls from the menu on the left-hand side of your account.
- Click the Upload CSV button in the top-right area of the page.
- From the Import Items window, click the Click to Upload button and select your CSV file.
- You will see a preview of the controls. If you would like to remove a control from the import, click the trash can icon.
- Click the Import Items button to import your controls.
After you've uploaded your controls, be sure to map them to the appropriate requirements. For more information, please see our Mapping Requirements and Controls article.