Estimated reading: 3 minutes 4038 views

What are controls?

Controls are processes you follow as an organization to prevent a potential risk from happening and affecting your business. In TrustCloud, they are the foundational building blocks of the organization’s compliance program.

Common types of controls

In a compliance program, there are mechanisms or measures put in place to ensure that an organization’s activities align with relevant laws, regulations, policies, and standards. These controls help manage risks and ensure adherence to ethical and legal standards.


Here are some common types found in compliance programs:

  1. Administrative: These involve policies, procedures, and guidelines established by management to ensure compliance. They include things like employee training, documented processes, and assigning responsibilities.
  2. Technical: They use technology to enforce compliance. This can include access controls, encryption, authentication mechanisms, and monitoring systems to detect and prevent unauthorized access or activities.
  3. Physical: These involve measures to protect physical assets and resources. Examples include locks, security cameras, access badges, and restricted access to sensitive areas.
  4. Detective: They are designed to identify compliance breaches after they occur. This includes activities such as audits, monitoring systems, data analysis, and regular reviews of processes and procedures.
  5. Preventive: They aim to stop compliance violations before they happen. These can include pre-approval processes, segregation of duties, risk assessments, and implementing safeguards to prevent unauthorized actions.
  6. Corrective: They are implemented in response to compliance violations or incidents. They include actions taken to mitigate the impact of breaches, such as disciplinary measures, process improvements, and implementing corrective action plans.
  7. Monitoring and Reporting: These involve ongoing monitoring of compliance activities and reporting mechanisms to track performance, identify issues, and communicate with relevant stakeholders. This can include compliance dashboards, reporting tools, and escalation procedures.

By implementing a combination of these controls tailored to the specific risks and requirements of the organization, compliance programs can effectively manage and mitigate compliance risks while fostering a culture of integrity and accountability.

For more information, please read the Key Concepts and Terminology section in Compliance Launchpad.

Controls in TrustOps

TrustOps derives them from two sources:

1. Custom controls that have been added to TrustCloud by you. They are built and maintained on your own.

2. Controls that are inherited from the TrustCloud Common Controls Framework (TCCCF)

TrustOps helps you programmatically adopt and verify controls and policies that map to your GRC and customer commitments.

Sign up with TrustCloud to learn more about how you can upgrade GRC into a profit center by automating your organization’s governance, risk management, and compliance processes.

Here is a list of articles to learn about all related topics:



Join the conversation