Adding Controls

Estimated reading: 4 minutes 562 views

TrustCloud understands that your business is unique, and you might already have security and privacy programs in place. So, control customization is a focus and a pillar of TrustCloud’s platform, making it effortless for you to craft custom controls. TrustOps gives you the ability to add a custom control to your program and add any related tests to that control. It also allows you to map the custom control to any of TrustCloud’s out-of-the-box standards.

Why add a control?

TrustCloud provides you with a comprehensive set of controls to get certified against several out-of-the-box standards. Occasionally, these controls need to be modified or new custom controls added to better cater to your organization’s needs. TrustOps treats custom controls very similarly to the TrustCloud control framework. You will be able to add any related tests to that control as well as map them to existing standards.

A step-by-step guide to adding controls and completing the mapping process

This workflow will guide you through the process of creating and mapping a custom control.

  1. Click on “Programs” in your TrustOps program.
  2. Select “Controls”. On the controls page, 
    The following screenshot shows how to add a control.
    TO Controls Adding Controls
  3. Click on the “+ Add Control” button in the top-right corner of the table.
    The following screenshot shows how to add a custom control.
    TO Controls Adding Controls 02
  4. Click on the “Proceed” button.
  5. Enter all the relevant control attributes. You need the following mandatory information to move on to the next step:
    1. Control Name: The name of the control
    2. Control Statement: Description of what this control does
    3. Control ID: Unique identifier for this control
    4. Group: Each control is mapped to a certain group, which is equivalent to a team or department in your organization.
    5. Evaluation Frequency: Your evaluation frequency is the frequency at which you are testing that your controls are still in place and nothing is out of compliance. This tool is useful to ensure you are continuously complying.
    6. Ownership is not mandatory, and owners can be added later, although we do recommend you assign it as soon as possible. You can assign an owner by clicking on the “Assign Owner” button.
      The following screenshot shows the mandatory information to create a control.
      TO Controls Adding Controls 03

  6. Click on the “Proceed” button.
  7. The next step involves mapping standards, linking policies, and defining self-assessment tests for the new custom control.
    The following screenshot shows how to map the standards and link policies to your control.
    TO Controls Publish Control
    Controls can be mapped to all the standards available in your program using the “Add Standards Mapping” button. There is no limit to how many standards can be mapped, and mapping can always be updated or changed later as well. Controls can also be mapped to existing policies using the “Add Policy Links” button. There is no limit to how many policies can be linked, and linking can always be updated or changed later as well.
  8. There are the self-assessment tests. As this is a custom control, the evidence for it needs to be manually collected and uploaded. The “Add Self Assessment” button workflow guides you through the process. You can also map appropriate systems to this assessment, keeping in mind that evidence collection is manual. Each control can have multiple self-assessments based on the complexity of the control as well as the variety of evidence required. Please refer to the ‘Self-Assessments” section for more details on these types of tests.
    1. Click on the “Add Seff-Assessment” button.
    2. Enter details like the assessment name, question, description, evidence requirement, system, etc.
    3. Click on the “Proceed” button.The following screenshot shows the definition of self-assessment tests for the new custom control.

      TO Controls Create Self Assessment

  9. Once you are done, the custom control can be published using the “Publish” button. You can now see this via the main controls page, search, and standards mapping views. You can edit any part of this control later as well.

Join the conversation