Control attestation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2024 05:05 AM
Hello,
What happens if I check 'not applicable' in the control attestation? will the indicators attached to the control put as not applicable run?
Best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2024 11:17 PM
Hi,
I'm not sure if I got the question right, is it whether the indicators will run for a control which is having a compliance status set to "Not applicable" ? Is it's the case, the answer will be yes.
Attestations and Indicators come in various phases during the control lifecycle. These are respectively the control phases throughout its lifecycle :
- Draft
- Attest (When the control owner will be attesting the control implementation)
- Review
- Monitor (When the indicators will come to play)
- Retired
Therefore, if you attest a control to "Not applicable" during the "Attest" phase and then during the "Monitor" phase, an indicator task will be created and assigned .i.e to the control owner, it will be updating the contorl status to the indicator result.
I hope it helps!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2024 11:53 PM
Hi @jaikellaila ,
Can you attach a screenshot here, where you are marking 'not applicable' in the control attestation!!
But, if you are not attesting the control, then Yes, indicators attached to the control put as not applicable run.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2024 02:56 AM - edited 02-20-2024 02:57 AM
Hi Jaikellaila,
The best answer is to create a sample control test and try to attest using the "Not applicable" answer. If you answer "Yes" to the question, the control will automatically change the status to Compliant. If you answer "No", the control will automatically change the status to Non-Compliant. If you say "Not applicable", the status of the control will be "Not applicable".
You need to understand attestation and indicators they look similar but they are part of different stages in the lifecycle. The indicators are continuous monitoring and the control attestation is the declaration they have a method to enforce the objective.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2025 07:12 AM
What should happen if you notice that the control owner/attestation respondent selected "Yes" but the control is not being implemented/in place. When they select "yes" it gets marked as compliant without there being an acceptance or request for revision option. If you notice that they respondent should have selected no, what is the appropriate procedure to move forward to change the status to non-compliant? Should you create an "Issue" under that specific control and then work with the respondent to resolve the issue?