Can a Control Objective and Control associated with a policy be revised? If so, can you please help me with the procedure?

ASWIN KUMAR SUR
Tera Contributor

Can a Control Objective and Control associated with a policy be revised? If so, can you please help me with the procedure?

I can understand that a policy can be revised if it is in 'Published' state. But what if a control objective/control needs a revision?

1 ACCEPTED SOLUTION

Hi @ASWIN KUMAR SURESH ,

Deactivating control objective means, control objective is no longer relevant to their citation or parent control objective.

And you are true that, when we activate a control objective with some modifications then all the instances(means controls) created from control objective will be move back to Draft state by associating latest changes from control objective.

So as you mentioned, it will enables us to have workflow back for revision of controls.

 

Please Mark ✅ Correct/helpful, if applicable.

Thanks,

Srinivasulu Laggala

 

 

 

View solution in original post

8 REPLIES 8

Community Alums
Not applicable

Hi @ASWIN KUMAR SURESH ,

It depends on what exactly you want to change. From a process perspective changing a Control Objective would certainly require related controls to be attested again. However, if you have valid arguments not to do so then check business rule 'Cascade Changes' that runs on the control objectives. This BR will update related controls when certain fields on the Control Objective change.

Mark my answer correct & Helpful, if Applicable.

Thanks,
Sandeep

ASWIN KUMAR SUR
Tera Contributor

Thanks for your time and explanation, @Sandeep Dutta. This will certain help me explore.

Can you also let me know how we can revise a Control Objective ?

In Compliance workspace, we have option to revise a policy and we can also see each revision information from 'Policy History' tab. But from where can we see the similar details for Control Objectives and Controls?

Thanks,

Aswin.

 

Community Alums
Not applicable

Hi @ASWIN KUMAR SURESH ,

You can deactivate the Control Objective or retire the controls if required and create a new control objective.

To Deactivate the control objective :

  1. Navigate to All > Policy and Compliance > Policies and Procedures > Control objective.
  2. Open a control objective.
  3. In the control objective, clear the check box marked Active.
  4. Click Update

Mark my answer correct & Helpful, if Applicable. This is applicable for the earlier answers too.

Thanks,
Sandeep

ASWIN KUMAR SUR
Tera Contributor

Hello @Sandeep Dutta ,

Sure. I observed that when a Control Objective is deactivated, all of its associated controls are automatically retired.

At this point in time, we can update certain fields (not all) in the Control Objective. 

Can I consider this as revision/ update of Control Objective?

Also after the updates when the Control Objective is made active again, all of the associated controls are automatically back to 'Draft' state and hence this allows one more approval workflow which can be related to revision of a Control.

Please let me know if this understanding is correct.

Thanks,

Aswin.