Control maintenance best practices
Hyperproof is structured so that controls are the center point for all of your compliance operations. This means "everything else"—requests, risks, requirements, evidence, issues, and so on—is linked to your controls. Hyperproof refers to this method as continuous compliance operations (ComOps).
Tip
Maintaining your program's controls is critical in order to sustain a healthy compliance program—if your controls are healthy, your program is healthy, and a healthy program means that you're compliant!
Control health
When program health is turned on, Hyperproof determines control health based on the following criteria:
Note
This best practice guide uses Hyperproof's default control health calculations. It's possible to customize your organization's control health, however, it's only recommended to do so if the default settings do not suit your organization's needs! See Customizing your program's health.
Control health statuses
Hyperproof has three control health statuses:
Basic control management
In addition to ensuring that your controls are healthy, it's recommended to do the following:
Assign each control in your program to an owner. This ensures that there is at least one team member responsible for maintaining the control.
Set a recurring review cadence on controls that automatically notifies the control owner when it needs to be reviewed. This can be done in several different ways: freshness, tasks, repeating tasks, or automated control testing.
Link controls to one or more requirements from one or multiple compliance frameworks. Each requirement in your compliance program should be linked to at least one control.
Link proof directly to controls either manually or automatically (recommended).
Set up automated tests on your controls.