Skip to main content

Control maintenance best practices

Hyperproof is structured so that controls are the center point for all of your compliance operations. This means "everything else"—requests, risks, requirements, evidence, issues, and so on—is linked to your controls. Hyperproof refers to this method as continuous compliance operations (ComOps).

Tip

Maintaining your program's controls is critical to sustaining a healthy compliance program—if your controls are healthy, your program is healthy, and a healthy program means you're compliant!

Control health

When program health is turned on, Hyperproof determines control health based on the following criteria:

Note

This best practice guide uses Hyperproof's default control health calculations. It's possible to customize your organization's control health, however, it's only recommended if the default settings do not suit your organization's needs! See Customizing your program's health.

Control health statuses

Hyperproof has three control health statuses:

Basic control management

In addition to ensuring that your controls are healthy, it's recommended to do the following:

  1. Assign each control in your program to an owner. This ensures that at least one team member is responsible for maintaining the control.

  2. Set a recurring review cadence on controls that automatically notifies the control owner when it needs to be reviewed. This can be done in several different ways: freshness, tasks, repeating tasks, or automated control testing.

  3. Link controls to one or more requirements from one or multiple compliance frameworks. Each requirement in your compliance program should be linked to at least one control.

  4. Link proof directly to controls manually or automatically (recommended).

  5. Set up automated tests on your controls.