Control maintenance - Additional steps to take
While the bulk of control maintenance revolves around keeping your controls healthy, there are two additional actions you can perform to help keep your controls up-to-date.
Linking controls to requirements
Controls are the driving force behind a compliance framework's requirements—they exist to help your organization ensure that requirements are successfully met. When you use Hyperproof's illustrative controls, they are pre-linked to your compliance framework's requirements. You can always link more controls to a requirement or unlink a control from a requirement. In Hyperproof's assessment module, controls and requirements can be audited for attributes such as design, language, effectiveness, and reliability.
Since requirements are not editable in Hyperproof, controls can be used to customize requirements to better suit your organization's needs. You can change what you need, as well as document the criteria by which the requirement is met, directly in the control (provided that you have sufficient privileges in Hyperproof to do so).
Adding users to controls
Every control in your compliance program needs to have an owner. This is the individual responsible for ensuring the control is doing its job of meeting any linked requirements. If desired, the control owner can add additional team members to the control and divide the workload. For example, the control owner might add a team member whose sole responsibility is to ensure that the control is successfully implemented. The control owner can use tasks and/or repeating tasks to track work done on the control.
There is no limit to the number of team members who can be added to a control. The control owner can assign team members different permission levels so that only those with manager-level permissions can edit the control. See Object roles and permissions.