Skip to main content

Working with linked controls on a risk evaluation

Roles and permissions

The following roles can modify the mitigation and rationale fields on controls linked to the risk being evaluated:

  • Anyone with manager permissions for the assessment

  • Anyone with manager permissions on the evaluation

When configuring a risk assessment, you select the risks you want to evaluate and the fields within each risk that you want to review during the evaluation process. If you choose Linked Controls as one of the risk fields to be evaluated, you can review and update the mitigation and rationale fields on those controls.

When the risk evaluation status is set to Approved, Hyperproof updates the original risk record with any changes made to the risk fields being evaluated.

Note

There are two types of linked controls in a risk evaluation. This document discusses the first type, controls linked to the risk being evaluated.

  • Controls that are linked to the risk being evaluated. These controls are part of the evaluation process and can be added, removed, or updated. They display in the left pane of the Evaluation Details window.

  • Controls that are linked to the evaluation record. These controls provide supporting evidence for the evaluation and display under Linked Objects in the right pane of the Evaluation Details window.

Several factors determine whether or not you can update the list of linked controls being evaluated and the mitigation and rationale fields.

  • If you link a control to the risk being evaluated after the evaluation record has been created in the assessment, that new control does not display on the evaluation.

  • If you add a control to a risk evaluation that already contains at least one linked control, the new control displays a New badge and can be included in the evaluation.

  • Setting an evaluation's status to Approved fails if any of the linked controls being evaluated have been archived.

  1. From the left menu, select Assessments.

  2. Select the risk assessment you want to modify.

  3. Click the evaluation name or ID to open the evaluation with the linked controls.

  4. To add a new linked control:

    1. Scroll down the left pane to the Linked controls section and click Link.

      The Link additional controls window displays.

    2. Use the checkboxes to select one or more controls to link to this evaluation.

    3. Click Link selected controls.

      The new controls display in the evaluation window with a New badge next to the control ID.

  5. To remove a new linked control, click the Remove button.

    If you can only remove a new control that was not on the original risk being evaluated

  6. To edit a field for a control, click in the corresponding field on the right and enter the new mitigation percentage or rationale. See Risk mitigation for details on how mitigation works in Hyperproof.

In this section: