Custom Frameworks

Estimated reading: 7 minutes 600 views

What are custom frameworks?

TrustCloud supports several standards and frameworks out of the box, including SOC 2, CMMC, and ISO 9001, to name a few. The best part is that TrustCloud is constantly adding new frameworks to expand the TrustCloud Common Control Framework (TCCCF). Organizations, regulations, and business needs are constantly evolving, and therefore, you might need certain frameworks that are currently not supported by the TrustCloud platform. To enable you to meet your ever-evolving framework needs, TrustCloud now offers the flexibility of creating your own custom frameworks and standards. TrustCloud now allows you to build, maintain, and monitor unlimited custom frameworks while leveraging the power of our common control framework (TCCCF).

Getting Started

To create a custom framework, you need the details of the framework you want to implement, including different sections and clauses, as well as any specific implementation details.

To create a custom framework via the frameworks page, 

  1. Go to your TrustOps program and click on “Frameworks” section from the left-hand menu.
  2. On the “Custom Frameworks” page, click on the “+ Create New Custom Framework” button.
    The following screenshot shows the Custom Frameworks page.
    TO Custom Frameworks Main 01
  3. Enter a name and select a category of the framework, as shown in the screenshot.
    TO Custom Frameworks Details 02
  4. Click on “Download template” button to download a template and fill in your framework details. This will serve as the basis for building your framework.
    TO Custom Frameworks Import Framework 03
  5. Refer to the following “Key Definitions” section; it provides details on which columns are required. Keep in mind that this is just the basis for getting started. You will be able to modify any element of this framework via the product UI, even after uploading it.
  6. Enter the information and upload it as a framework.
  7. Click on “Import Framework” button.

Key Definitions: Upload Template

Column Notes Required
Framework Name Add the name of the standard and the framework. Yes
Section Name This represents the first level of a standard. For example, for SOC 2, this translates to the criteria field. Yes
Section Description This is an overview of what the section covers. For example, for SOC 2, this translates to a description of the CC 1 Control Environments. No
Section ID This represents the section number. For example, for SOC 2, this translates to CC1. Yes
Subsection Name This is the second layer of the standard and indicates how a section is broken down. For example, for SOC 2, this translates to CC1.1 or CC1.2. Yes
Subsection Description This is an overview of what the subsection covers. For example, for SOC 2, this translates to a description of the CC 1.1 criteria. Use this description to identify appropriate controls in your program so you can leverage the power of a Common Control Framework. Yes
Subsection ID This represents the subsection number. For example, for SOC 2, this translates to CC1.1. Yes
Mapped TrustCloud Control This represents the control name that is being used to meet the subsection requirement. Please note that a control must be in your program for the import workflow to map correctly. No
Mapped TrustCloud Control ID This represents the control ID that is being used to meet the subsection requirement. Please note that a control must be in your program for the import workflow to map correctly. To map multiple controls to each subsection, replicate the entire row with the same subsection details and then add a new control ID number to the newly duplicated row. No

If you need help populating the template, contact the support team and have one of our Trust Advisors help you. If something is wrong or you miss something, you can edit this entire framework, along with controls, sections, and subsections within the product UI itself.

Adding or Editing a Section

Once you create a framework, it will appear in “Custom Frameworks” page. You can add section and subsection to your framework.

To add a new section,

  1. Go to your TrustOps program and click on “Frameworks” section from the left-hand menu.
  2. On the “Custom Frameworks” page, click on the framework. 
  3. On the framework details page, you can view sections, subsections, mapped controls and mapped policies for your framework.
  4. Click on the “+ Add Section” button.
    TO Custom Frameworks Add Section 04
  5. Enter details like Section ID, Section Name, and Section Description, and click on the “Create Section” button. A section will be added to your framework.

To edit a section,

    1. Click on the three-dot icon in front of each section.
    2. Click “Edit Section” to modify the section name, ID, and description.

Adding or Editing a subsection

Subsections form the core of a framework or standard. They represent the actual requirement to map our common controls. Make sure your subsection descriptions are closely aligned with the framework or standard you are building, as the TrustCloud AI algorithm uses this description to build the control mappings.

To add a subsection,

  1. On the “Custom Frameworks” page, click on the framework. 
  2. On the framework details page, click on the section to which you want to add a subsection.
    TO Custom Frameworks Add Subsection 05
  3. Click on “Add subsection” button.
    TO Custom Frameworks Add Subsection 06
  4. Enter the subsection ID, name and description, and click on “Add Subsection” button.
    TO Custom Frameworks Map Controls 07

To edit a subsection, 

  1. Click on the three-dot icon in front of the section in the list.
  2. Click on the “Edit Subsection” option. Modify the subsection name, ID, and description.

Controls

Controls are mapped to each framework. TrustCloud allows the mapping of controls to subsections.

To map controls to subsections,

  1. On the “Custom Frameworks” page, click on the framework. 
  2. On the framework details page, click on the section.
  3. Click on the “Map Control Button” to link the subsections to controls within the TrustCloud program.
  4. The AI algorithm suggests a few program controls from the catalog to help you get started. Search for a particular control and click on the plus button to begin mapping.
    TO Custom Frameworks Map Controls Add 08
  5. Click on “Add” button.
  6. All the added controls are listed in the subsection. You can view or delete these controls using the icons in front of each control.
    TO Custom Frameworks Map Controls Added 09

If you need help with mapping or missing controls, contact the support team and have Trust Advisors assist. To have all your mappings in place on day one, you can always create new custom controls and map them to frameworks from the controls page.

AI-generated control suggestions

TrustCloud’s AI advisor scans your subsections and suggests a few controls from the common control catalog to help you build your custom framework. If you face any issues, contact the support team.

Policies

Frameworks and standards are often connected to company policies as well. At this time, TrustCloud allows the mapping of policies to sections. 

To map controls to subsections,

  1. On the “Custom Frameworks” page, click on the framework. 
  2. On the framework details page, click on the section.
  3. Click on the “Add Policy” button or go to Policy tab and click on “Map program policy” button.
    TO Custom Frameworks Map Policy 11
  4. Search for policy names or add policies from the auto-populated list and click on “Add” button.
    TO Custom Frameworks Add Policy 10
  5. All the policies will be displayed under the “Policies” tab of a section.
    TO Custom Frameworks Added Policy 12
  6. You can view or delete these policies using the icons in front of each control.

Framework Mapping and Program-Wide Use

Custom frameworks are just like any other framework! You’ll be able to map them across the platform and view them from the “Audit Dashboard”. You can edit a control mapping or policy mapping from the respective entity’s page.

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
OR